New Linux GUIs Are Missing The Point 2

Posted by JD 04/07/2011 at 04:00

With the release of Gnome 3 and the pending next version of Ubuntu running Unity, there are many things changing in the Linux GUI world.

TiVo Email Partner Hacked 2

Posted by JD 04/02/2011 at 22:00

So I got this email today from TiVo. Relatively short and to the point. Definitely appreciated. I hope they fire that email service. There need to be repercussions for unauthorized data leaks. The company reported to have the breach is Epsilon. If you are a client, time to get out of that contract.

I use a very specific email alias just for TiVo, so I’ll know if anything comes from this leak. Anyone knowing that address and my first name … oh well … lots of people know my first name. I’ll wait until spam starts before disabling this alias created for TiVo. This is the 2nd time that my TiVo specific alias has been released without my approval. Nice job selecting partners TiVo. I still use a TiVo Series2, but haven’t paid them any money since 2004 due to the prior breach. At least they told me about it this time – perhaps due to the California law which requires customer notification of unauthorized data releases?

================================================== 
TiVo Service Announcement
================================================== 
 
Dear TiVo Customer,

Today we were informed by our email service provider 
that your email address was exposed due to unauthorized 
access of their system. Our email service provider 
deploys emails on our behalf to customers who have 
opted into email-based communications from us.

We were advised by our email service provider 
that the information that was obtained was limited 
to first name and/or email addresses only. Your 
service and any other personally identifiable
information were not at risk and remain secure. 

Please note, it is possible you may receive spam 
email messages as a result.  We want to urge you 
to be cautious when opening links or attachments 
from unknown third parties. 

We regret this has taken place and apologize for any 
inconvenience this may have caused you. We take 
your privacy very seriously, and we will continue 
to work diligently to protect your 
personal information. 

If you have unsubscribed in the past, there is no 
need to unsubscribe again. Your preferences will 
remain in place.

Sincerely,
The TiVo Team

Here is what Epsilon says on their website:

IRVING, TEXAS – April 1, 2011 - On March 30th, an incident was detected where a subset of Epsilon clients' customer data were exposed by an unauthorized entry into Epsilon's email system. The information that was obtained was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway.

If this was an insider job, there isn’t much that could have been done to protect against the releases besides paying their people well and giving stock options to them so they have a financial reason to protect company assets.
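The per-vendor alias idea from this post can be checked mechanically. The sketch below is an added example, not code from the original post: it flags any alias that receives mail from a sender outside the vendor it was issued to. The alias addresses, the sender domains and the sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Hypothetical alias map: each alias was handed to exactly one vendor.
# The sender domains listed here are assumptions for the example.
ALIAS_OWNERS = {
    "tivo-7f3a@example.org": {"tivo.com"},
    "bank-91c2@example.org": {"bank.example"},
}

def sender_domain(msg):
    """Lower-cased domain of the From header ('' if the header is absent)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()

def domain_allowed(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def leaked_aliases(raw_messages):
    """Map each alias to the unexpected sender domains that wrote to it."""
    leaks = {}
    for raw in raw_messages:
        msg = message_from_string(raw)
        headers = (msg.get_all("To", []) + msg.get_all("Cc", [])
                   + msg.get_all("Delivered-To", []))
        dom = sender_domain(msg)
        for _, rcpt in getaddresses(headers):
            allowed = ALIAS_OWNERS.get(rcpt.lower())
            if allowed is not None and not domain_allowed(dom, allowed):
                leaks.setdefault(rcpt.lower(), set()).add(dom or "<missing>")
    return leaks

# Constructed sample messages (not real mail).
SAMPLES = [
    "From: TiVo <news@email.tivo.com>\nTo: tivo-7f3a@example.org\n"
    "Subject: Service update\n\nHello",
    'From: "Prize Dept" <win@cheap-pills.example>\nTo: tivo-7f3a@example.org\n'
    "Subject: You won\n\nClick here",
    "From: alerts@bank.example\nTo: Bank Alias <BANK-91C2@example.org>\n"
    "Subject: Statement\n\nReady",
]

if __name__ == "__main__":
    for alias, domains in leaked_aliases(SAMPLES).items():
        print(alias, "received mail from", sorted(domains))
```

A From header can be forged, so a matching domain does not prove the vendor sent the message; a mismatch is the useful signal that the alias has escaped.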

Enable Do Not Track in Firefox 4

Posted by JD 03/31/2011 at 17:00

Whether the Do Not Track settings have any legal support or not, it is worth enabling this for anyone who would like to tell websites not to track them. It may be a worthless effort, but thankfully, it doesn’t take much effort, so why not?

On my Linux system, running Firefox 4.0, the "Tell web sites I do not want to be tracked" setting (yes, that is the exact wording) is under the General tab of the Advanced section in the Firefox Preferences.

Steps:

  • Edit
  •   Preferences
  •     Advanced
  •       General
  • then, under the Browsing heading, check the box for "Tell web sites I do not want to be tracked"

Simple.

On other operating systems, it should be easy to find.

Making KeePassX work with Pinentry and Enigmail 3

Posted by JD 03/28/2011 at 23:00

KeePassX is my password manager of choice.
Enigmail is the GnuPG signature and encryption add-on for Thunderbird.
Pinentry is used by Enigmail to enable secure entry of PINs, passwords and pass phrases. It blocks copy/paste and forces all keyboard entry into the pinentry textfield. That’s great if you have trivial or easily typed pass phrases. I do not.

These are all fantastic, until you depend on KeePassX to hold non-trivial pass phrases to gain access to your certificates. Since pinentry doesn’t allow copy/paste, there is a major issue. If your passphrase is non-trivial and long, then manually entering it whenever you need to read or send a sensitive email is beyond a hassle. It sucks. pinentry also grabs both the keyboard and copy/paste events, so you are probably unable to alt-tab to the window you really need. Anything typed on the system gets placed into the pinentry text field. How rude.

Workaround

There is a workaround – it is a hassle, but better than trying to type 50 characters of assorted keys.

Use the mouse to select the Perform Autotype option for your specific KeePassX entry. Doing this means that the Userid needs to be empty and you need to already have KeePassX unlocked before you begin any encryption work. Using the mouse to cause the paste/autotype works.

You’ll probably want to set up gpg-agent to hold your keys for a while too. Anything to avoid going through this crap to retype pass phrases for certificate access.

I’m running Enigmail v1.1.2, Pinentry-gtk2 v0.7.6 and Thunderbird v3.1.8.

Options For Securely Sharing Files 1

Posted by JD 03/23/2011 at 22:00

In this Tax season, I find myself needing to share sensitive documents with relatively unsophisticated people and organizations. How should I share my files with them?

The Options

There are a few options to get those sensitive files to a provider. I will attempt to list the options, then describe the problems with each. Sadly, there aren’t any good solutions unless the service provider already has a solution setup. In my experience, be it an accountant, lawyer, doctor or shipping company, they do not.

  1. Encrypted Email with PGP or OpenPGP or GnuPG
  2. Encrypted files, probably ZIPped attached to emails with a shared password
  3. Encrypted shared file service – perhaps Dropbox or sftp
  4. SSL Encrypted web portal with non-trivial userids and passwords

Sadly, there is no universal standard for sharing files, securely.

Nvidia GT 430 Install 2

Posted by JD 03/11/2011 at 22:00

I’ve been having issues with the X/Windows on the system that I’d like to use for a desktop. After trying different drivers and new drivers, I decided that the GeForce 7600 GS may not be up to the task. While getting a haircut, I looked across the street to see … Microcenter. It was loudly calling me to buy a new video card.

GPU Selection

I’d done some research and built a list of reasonable cards for consideration. $50 was my target price. Now I’m staring at a wall filled with nVidia and ATI cards. I really wanted a GT 440, but they didn’t have any in my price range. They did have hundreds of GT 430s – some in my price range and there was a $48 GeForce 9800 GT. This was ideal, but the GT 430 was intriguing. I needed to know more, so I asked the youngest guy there who looked like a nerd to help. He pulled up a GPU comparison website and was entering 9800/430. They were very comparable, the GT 430 was just a tad slower, but it used half the power and supported DirectX 11. Lots of thinking – ok, I’ll get it now and if the card appears to be crap when I perform my research at home, then I can return it. Research done. I’d gotten lucky with this card, especially for the $54AR price.

DHL Delivery Spam Email Getting Bad

Posted by JD 03/09/2011 at 23:45

The last few weeks my corporate email account has received about 10 of these messages every day with a ZIP file attached. The wording is reasonable for an English speaker, which is odd for spam. Usually the English is so poor as to not be an issue and is a clear sign of spam email. These DHL emails are being caught at the server and put into the junk folder along with the get a doctorate degree spams.

Anyway, I’d like to warn everyone not to open these DHL emails or any ZIP attachments.

Why not?

  • Did you provide DHL with your email address? I never have.
  • Are you expecting a package? I’m not and 99.9% would NOT come from DHL.

Seems to me that DHL would know my name, address, and provide a package tracking number in all correspondences. These emails had none of that information – i.e. spam.
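The checks listed above (no prior relationship, a ZIP attachment, no name, no tracking number) can be turned into a small triage function for a mail filter. This is an added example, not part of the original post; the 10-digit tracking-number pattern, the sender address and both sample messages are constructed assumptions.

```python
import re
from email.message import EmailMessage

COURIER = re.compile(r"\bDHL\b", re.IGNORECASE)
# Assumption: a bare 10-digit number stands in for a tracking number.
TRACKING = re.compile(r"\b\d{10}\b")

def triage(msg, recipient_name, gave_address_to_courier):
    """Return the reasons a courier-themed message fails the post's checks."""
    if not COURIER.search(f"{msg.get('From', '')} {msg.get('Subject', '')}"):
        return []  # not courier-themed; out of scope for this check
    body, zips = "", []
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(".zip"):
            zips.append(name)
        elif name is None and part.get_content_type() == "text/plain":
            body += part.get_content()
    reasons = []
    if not gave_address_to_courier:
        reasons.append("courier was never given this address")
    if zips:
        reasons.append("ZIP attachment: " + ", ".join(zips))
    if recipient_name.lower() not in body.lower():
        reasons.append("recipient name missing")
    if not TRACKING.search(body):
        reasons.append("no tracking number")
    return reasons

def build(body, zip_name=None):
    """Build a constructed sample message (not captured mail)."""
    m = EmailMessage()
    m["From"] = "DHL Express <notice@dhl-delivery.example>"
    m["To"] = "user@example.org"
    m["Subject"] = "DHL delivery notification"
    m.set_content(body)
    if zip_name:
        # Placeholder bytes: an empty ZIP end-of-central-directory record.
        m.add_attachment(b"PK\x05\x06" + bytes(18), maintype="application",
                         subtype="zip", filename=zip_name)
    return m

SPAM = build("Dear customer, your parcel is waiting. Open the attached label.",
             "label.zip")
LEGIT = build("Dear Jane Doe, shipment 1234567890 is out for delivery.")

if __name__ == "__main__":
    print(triage(SPAM, "Jane Doe", False))
    print(triage(LEGIT, "Jane Doe", True))
```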

Firefox - Huge Memory Hog 4

Posted by JD 03/04/2011 at 12:00

I use Firefox with just a few extensions. Seven (7) are enabled right now. I have 3 tabs open, including the window I’m typing this article into.

So, why is Firefox using almost 1GB of RAM on my system?

  PID USER          PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND           
30488 userid        20   0  973m 673m  26m S    9 33.5 445:22.42 firefox-bin        

Seriously, I’d like to know. What could Firefox v3.6.13 be doing that needs more than 100MB of RAM? I see this happening almost every week.

What sort of memory use do you see with Firefox?

Open Source Isn't Enough Freedom For Software

Posted by JD 02/16/2011 at 23:00

If you are in IT, you hear Open Source Software – OSS – all the time. This is better than Closed Source, but alone it still doesn’t mean you can modify the code or install it on 2,000 machines for no added costs. See the Wikipedia article on Free Software Licenses.

Terms like

  • OSS – Open Source Software
  • FOSS – Free Open Source Software
  • FLOSS – Free Libre Open Source Software

have vastly different meaning today.

10 yrs ago, OSS was enough. Then commercial software started being released with the source code, but still contained the same proprietary restrictions. Many companies had source code licenses to C++ libraries from Rogue Wave Software. We could see how everything was implemented, but were not allowed to modify the code or the libraries to our needs. Often OSS is still commercial and requires payment for use.

FOSS goes another step. It adds free, as in cost, to the software. You can use it for free and you can have the code, but you may be restricted from modifying, distributing, or the number of systems where you run it. Lots of newer open core software projects use this loophole. They advertise FOSS everywhere, but retain significant restrictions.

FLOSS adds Libre, the Spanish term for Freedom, to the discussion. This is what I prefer for my software. Zero, or very low, cost. You are free to modify (or pay someone else to modify it). You have the source code and you can give it away and/or run it on 2,000 machines without any cost.

There are lots of different Open Source License Agreements for software. I’m not a lawyer, but I have read most of the agreements and think that I understand them. Always read the agreement and/or get legal advice on each license agreement yourself.

Summary of Popular Software License Agreements

Former MS President of Business Goes to Nokia and Kills MeeGo - Surprised?

Posted by JD 02/11/2011 at 12:00

Timeline

  • 9/10 President of Microsoft’s Business division leaves to become Nokia’s CEO
  • 9/14 Nokia World doesn’t mention MeeGo at all
  • Nokia Leaves MeeGo Alliance
  • 2/10 Nokia and Microsoft form a partnership to push Windows Mobile7 on Nokia phones
A few links

Linux Hate

We all know that Microsoft doesn’t like Linux. It is afraid and it should be. Microsoft owns the desktop, but not much else. The millions and millions of uncounted Linux servers and Android cell phones are cleaning Microsoft out of those markets. All that Cloud Computing stuff runs on Linux. For IT professionals, Linux is a joy to use and saves over $100/month in added costs required for a Microsoft solution.

To be fair, Maemo (which I have 3 yrs experience with) wasn’t ever going to be a mainstream mobile platform. It wasn’t sexy and was missing some critical software – the contact manager was a joke. I can’t really blame Nokia for wanting to back out from a business perspective. More GUI designers, fewer engineers would have helped.

If this wasn’t carefully planned, I’d be surprised. It was an easy and cheap way to effectively kill Linux at Nokia and turn a competitor into a pawn. Nice job Microsoft. As a stock holder, I’m encouraged. OTOH, I really need to sell those MSFT shares.

Seems the other news media caught on to this.