Linux-mag have posted a very interesting article comparing Ubuntu and MacOS. Strongly recommend a read. Link here.
Category: Linux
I’ve been doing some experiments trying to use Japanese characters in Adobe Air applications. There doesn’t seem to be much written on this subject so far. I’ve discovered that it is possible to input in Japanese in both Windows and Linux (using SCIM), but that it is program specific and depends on the fonts that have been selected in the application. Unlike Java which has a system of switching to a different font when a character is not found in the default set, Air will not continue if it cannot render the character in the selected font.
Some applications seem to have implemented a work around by having an international font that can be selected in the settings. TweetDeck is a great example of this. You can turn on the international font and then SCIM works fine. See below:
So basically, at the moment, until Adobe improve the Air system, it looks like the suggested way of getting east Asian characters to work in Adobe Air is to contact the developer and ask them to implement an international font. I imaging the prospect of their software also working in China, Japan and Korea would probably be enough for most to do this.
Wow. Just read over at the google blog that google are set to launch a new OS. It’s planned to be an ultra fast linux kernel based web browser delivery system. Sounds similar to gOS. All the applications will be online and the windows rendering system will be all new. I’m a bit suspicious about this. Is it not a google attempt to do exactly what Microsoft have been criticised for in defaulting users to their services by tying them to the OS. Also what kind of offline facilities will we see? Are we really happy to run all our software though Java, Flash and the like?
Well it’s quite an exciting development anyway. The backing of a major player like Google can only help develop the linux based platform further. They claim they will need help from the open source community. This sounds great, but only if they give back to us what we put in. Question marks still remain as to how this will tie into Android. Supposedly, “Chrome OS” as it will be known is something completely different. I expect to begin with we will see this installed alongside windows on netbooks for people who need fast boots directly into the browser.
You never know, this could be the ground braking first step in a new era that sees Microsoft’s grip on the OS monopoly slip and herald a new age of more balanced OS competition. We shall see. I wait in anticipation.
What is one of the most dangerous things people do these days? They use one or two passwords for every site that they set up an account for on the internet. They might think that password is secure, but how secure is every site they give it to? A hell of a lot of people use the same password for their primary email account as they do for some random forum they wanted to post on. Dangerous! If someone hacks the forum and gets hold of their password and email, chances are, they’ll try the same combination on every other popular site…. ebay, paypal, online banking. You get the jist.
So if we are to have a different password for every different site, how on earth are we going to remember all these long and secure passwords? The answer is KeePass. This wonderful freeware open source application will keep all your passwords secure. How many times have you forgotten you had an account or had to create a new one because you forgot the password? KeePass will solve this. Moat people fear storing all their passwords in one place, but as long as this place is secure, there is a relatively low chance of anyone getting to the file. Then there’s the fact that the file will be encrypted using AES. This is the same encryption system that US diplomats use. Finally the data stored in memory will also be encrypted to prevent other applications from accessing it.
KeePass is great, not least because it runs on Linux, MacOS and Windows, so you can take your passwords wherever you go. There’s a Blackberry port, android port, mobile Java port and they are even working on an iPhone port too. Any where you go you can take your password file with you and only with the master password can anyone read it. If course you have to remember one really long, strong password, but if you can remember that, all the rest of your accounts are safe.
And KeePass stores more than just passwords. It stores the URLs to websites you have accounts on and also your usernames. You can even add extra notes for each account. This way you can easily keep track of hundreds of accounts and give each one a different password. The password can be something you’d never be able to remember. The built in copy paste system allows you to transfer these passwords securely when needed without having to type them in, thus avoiding keyloggers.
Of course, no system is without its cons. Keeping your passwords all i one place would increase the danger should someone get hold of your password database along with your master password. But I am very much of the opinion that this would be much harder to do than to hack a small time forum you’ve used the same password as on other sites for. Security is only as strong as the weakest link. Make sure you have decent antivirus and spyware apps. Make sure you avoid using internet explorer and preferably windows if you can. If you follow simple common sense rules, KeePass should help organise your accounts and allow you to implement a more secure password regime.
You can download KeePass here.
OK, why am I really not surprised? ComputerWorld is reporting that the LSE have finally decided to ditch a crappy windows based TradElect system in light of serious failures culminating in nearly a day’s out time. When are people going to understand that the fundamental philosophy that windows is built on does not suit an enterprise mission critical server environment like this.
For example how can security through obscurity and locked down closed source systems still be in place in such important infrastructure. All the evidence points towards the fact that these systems suffer a massively greater number of security breaches than their opensource counterparts.
Then there’s the issue of performance. How can the LSE sit back and accept that their targets for latency have been no where near met whilst rivals enjoy far superior products? It’s about time people woke up. I really hope many onlookers will learn something here.
Introduction
This is a guide explaining how to create a secret encrypted drive the easy way using a graphic user interface. It covers installing and using the TrueCrypt software (version 6.2a) and Ubuntu (In my case linuxMint).
Before we start
Why would you want to create a encrypted drive? Why not? Probably the main reason is that you have some security sensitive file that you don’t want other people to have access to. An encrypted drive provides a safe place to put these kind of files so that people cannot see or access them without a password.
Why would you want to create a hidden drive? There are two main reasons. The first is because you have sensitive files as mentioned above. Perhaps you don’t want people to know they exist. The second reason is more serious. Recently a number of governments have implemented laws where you can be forced to provide encryption keys to officers (for example at airports) so that they can decrypt your files. It can be a criminal offence not to provide or to claim you have forgotten these keys.
Imagine if you could comply, give them a key that they can use, decrypt some files you don’t care about and still not have access to your sensitive files. Imagine if they could never prove that you were hiding any additional documents and that you could therefore show that you have been completely complaint with the law and yet still keep your files safe. This is now possible!
DISCLAIMER: I do not, and will not ever advocate breaking laws. If you fail to prove an encryption key when legally required to do so, you could breaking the law. Don’t do it.
How it works
Basically, first a container encrypted drive is created. Some non sensitive files are put on this drive. The remaining space is made up of random data. Then within this random data, a second hidden drive is placed. This drive can only be accessed with a second encryption key. Without that key it should be mathematically impossible to identify whether the random data is in fact random data or a second hidden encrypted drive. It could just be free space within the first drive.
When forced under coercion to provide an encryption key, you provide the first one. They can decrypt the first container drive. They see your not so sensitive hidden files. They cannot ascertain if there is anything in the free space remaining and you have complied with the law and provided the decryption key. Provided the dummy files you have provided are interesting enough they’ll probably be kept busy trying to work out why you encrypted them or simply feel happy you didn’t have anything worth finding.
The TrueCrypt system is easy to use, uses very strong encryption (US government agencies are authorised to use this cipher for all levels up to top secret), and is also Windows and Mac compatible for those people who share external devices with Windows / Mac systems too.
Installing TrueCrypt
TrueCrypt is not currently available in the repositories for various reasons (possibly licensing). However, it is opensource and free for you to use. You need to download it from:
http://www.truecrypt.org/downloads.php
Go to the Linux section and select Ubuntu DEB. 86 and 64-bit versions are available. It will come in a compressed file, so you’ll need to decompress it and then run the deb file. It should install itself from then. The GUI will become available in the ‘other’ folder in your applications menu. While you’re at it, make sure you have the ‘GParted’ package installed too. This is the GNOME Partition Editor and is available in the normal repositories.
Two Different Types of Drive
There are two different types of drive. One is stored like a normal partition on a physical drive. The other is stored in a container file. The file can then be stored anywhere that a normal file can. It can be renamed, copied, emailed etc. For the first example, we will use a physical drive. Then I will cover creating a file too. The benefits of a drive is that you just have don’t have a file lying about that could draw attention to itself. For onlookers it will appear you just have an empty unformatted drive. Maybe it’s new, maybe you haven’t formatted it yet (actually you are hiding stuff there). The benefit of a file is that you don’t need to do any formatting or partitioning, etc. You can send, move, copy, rename the file, etc. Both systems use the same technology and are essentially just as secure, except that the file option obviously suffers from all the usual security issues with having a file.
Using the Physical Drive Method
In this example, we will use a USB key. I’m using the whole drive, you can use a partition on the key if you want, but I’m going to use the whole drive for simplicity. Make sure there is nothing on the drive you need. Then open GParted. This can be found in the System / Administration / Partition Editor menu. Ubuntu should automatically detect the device. If it has mounted existing volumes, dismount (eject) them. In GParted, find the drive in the drop down list at the top right. In my example it is /dev/sdb (117.66). If you’re no sure, use the size to determine which drive. Warning, don’t follow the next few steps on your primary hard disk or you could delete everything on your PC!!!
As you can see in my example, there are no partitions. That’s what you want. If there are some existing ones, delete them (right click on them). Once you are finished, click on the apply button at the toolbar. It should bring you to a screen that looks something like the example. Unallocated is what you want. A disk that looks completely empty, no partitions. Remember the name of the drive (/dev/sdb in my case)
Setting up the Encrypted Drives
Open TrueCrypt (Applications / Other / TrueCrypt). Select Volumes / Create New Volume… Then select “Create a volume within a partition / drive”.
Then select “Hidden TrueCrypt Volume“.
You will now be prompted to select your device. Click on the “Select Device…” button and select the drive that we cleared earlier (/dev/sdb in my case).
Clicking on next will bring up a warning message. Provided you have selected the correct drive, there is no danger of clicking OK. Please check you have selected the correct drive before proceeding.
At this point it will ask you for the encryption type to use for the outer volume. In the example, I have used AES as it is the most common cipher. You can change it if you want.
It will now prompt you to enter the outer volume password. This is the password you might have to divulge under duress. It should not be a dictionary word and should include a combination of letters and numbers. You probably don’t want to have “Display password” on as in my example.
Now select your file system. I recommend FAT as it is readable in Windows as well.
The next screen will allow you to format this drive. Moving the mouse around a bit will allow you to generate a completely random seed to format the disk with. This fills it will random data. Finally, you will be prompted to open the outer volume.
This is where you have the opportunity to place a few ‘dummy’ files that someone would be able to see if you provided them with the dummy key.
When you have finished, close the browser for that drive and return to TrueCrypt. Click on “next” and you will be prompted to go through the processes again for the hidden drive.
You can just use the same encryption as you did for the first drive. Make sure that the password you use this time is different from the first one!
You will need to choose a size. This is the size that the hidden drive will take up. It needs to be smaller than the container drive because it sits in its free space. In my example I’ve chosen 120MB so as to leave a couple of megabytes to store the dummy files in. Select FAT as the file system again and format. You have now set up your hidden drives.
How to Mount the Drive
There are two ways to mount the drive – automatic and manual. Automatic is less hassle but takes longer, manual requires you to select the device.
In the main TrueCrypt dialogue, select “Auto-Mount Devices”. You will be prompted for your password. Here enter the password for the hidden drive (the second one you used earlier).
TrueCrypt will search and find your device automatically. It will mount it in /media/truecrypt1. This is your hidden drive. Feel free to use it as you wish. Files stored there are automatically encrypted.
Make sure you unmount it when you’ve finished. This can be done easily by right hand clicking on the TrueCrypt icon in the system tray and selecting “Dismount All Mounted Volumes”.
Manually Mounting
Let’s manually mount a drive and also see what happens if we try to mount the outer drive. Make sure you’ve dismounted the hidden volume, then click on “Select Device” button in TrueCrypt. Select your drive, then click on “Mount”. This time enter the first password you used.
It will mount the outer volume. Here you can see you dummy file that you used earlier. This is what other people would see you if were forced to divulge the fake key. Make sure you don’t add any more data to this drive as it will write over your secret drive. In fact, after setting up the outer drive, better not to use it at all. You can open in in protected mode so that the hidden system is protected. This is done using options in the mount dialogue.
For quicker mounting, you can add mount points to your favourites so that you can quickly mount that volume by right clicking on the TrueCrypt icon in the system tray.
Using a File
Instead of using a drive, you can create an encrypted volume and a hidden volume within a file. This is done pretty much the same way as in the first example, but you select “Create an encrypted file container” in the “Create New Volume” dialogue. When mounting those volumes, you will need to select the file instead of device.
Things to Remember
Following the above instructions should allow you to set up your hidden encrypted drives. Remember, always use the second password and so the hidden volume. Only ever give away the first password. Don’t write data in the container drive unless you’ve protected it. Make sure the dummy files look realistic or it will be harder to claim that it is you actual encrypted drive. Remember to dismount drives after you’ve finished using them. Operate a physical security regime.
Though it will take a very long time to brute force crack this strong encryption system, no system is ever safe against a brute force (guess every possible key) attack. Better to prevent someone coming into contact with your physical disk! Use long passwords that are a mixture of words and numbers that you can remember, other people cannot guess and are preferably not in a dictionary. For keeping a list of passwords secure, I recommend using KeePass. It is also available for Linux and Windows and uses strong encryption.
One thing that I really think should be added as default in Gnome is the root file browser. So often one needs to adjust permissions or move/copy a file outside the home area.
A quick and easy way to set up a link is to edit a new file:
“gksudo gedit /usr/share/applications/Nautilus-root.desktop” and add the following:
[Desktop Entry]
Name=File Browser (Root)
Comment=Browse the filesystem with the file manager
Exec=gksudo “nautilus –browser %U”
Icon=file-manager
Terminal=false
Type=Application
Categories=Application;System;
Was sad to read today on TechPress that PCLinuxOS is going to split. I really feel that right now the linux community doesn’t need more fragmentation. Of course it’s great that there are so many distributions out there catering for a wide variety of tastes and demands, but what Linux badly needs right now is a core of large dists that are stable, updated reliably and with a community large enough to create the critical mass needed to really challenge the other OS players (specifically Windows and MacOS). PCLinuxOS does fall into this category and so I feel it’s sad that the community is likely to split.
There are already 101 smaller options and to be quite honest there are arguable only 5 or so mainstream popular titles to chose from. In my opinion, the PCLinuxOS community needs to rally and sort out their infighting. Having a founder / ‘owner’ who disappears for a year is clearly not acceptable, but is that really a reason to break up the project? People must accept in any community there will always be those who don’t agree. If a democratic system is set up with clear guidelines over who is in control and a mechanism to ensure decent project leadership this really shouldn’t be an issue. I think what people need to realise is that the project is bigger than they are and that sometimes we need to put our differences aside for the greater good.
I’ve long been a fan of Ubuntu, my favourite brand of Linux. It’s fast, has all the features I need, has a great community and feels good….. only thing is, there are of course some areas where I feel like it’s not quite finished.
Enter linuxMint. Mint is a great distribution built on Ubuntu that finishes off all the little unpolished areas that Ubuntu lacks.
Here are my 10 reasons to use Mint instead of Ubuntu:
- It is Ubuntu anyway – you get everything in Ubuntu and more.
- It looks soooo much nicer – swap dodgy orange for sexy green.
- Start menu style launch system makes loading applications fast and un-clunky.
- Software installation system simplified with great selection of commonly used applications.
- Great selection of packages pre-installed.
- Applications are reviewed and have screenshots so you can see what packages are like before installing them.
- Codecs for all your standard media comes installed and works out of the box.
- Grub runs in full graphics mode as standard and doesn’t look like something from 1987.
- Fully compatible with your existing ubuntu setup, runs on the same repositories.
- Lots of small tweaks like fonts setup and my own favourite – decent out of the box East Asian language support.
Go on….. give it a try: http://www.linuxmint.com/
These fonts are very useful for viewing Japanese text. They were designed by Ricoh and are owned by Microsoft. Although they are freely available on the internet, they are not freeware. They are governed by Microsoft licenses, but you are able to download and use them for free. The files come from www.themeworld.com.
MS Gothic
This is a sans serif font. It has both nice looking Western and Japanese faces.
MS Gothic
MS Mincho
This is a serif font. It too has both nice looking Western and Japanese faces.
MS Mincho