Tag Archive for Privacy

Linux User & Developer, Issue 149

Linux User & Developer Issue 149This month’s Linux User & Developer features my usual four pages of news from the world of openness alongside a review of some interesting software I’ve been playing with: Keybase.

Created, oddly enough, by the co-founders of dating site OkCupid, Max Krohn and Chris Coyne, Keybase is technically little more than a wrapper around the open-source Pretty Good Privacy (PGP) implementation GNU Privacy Guard (GPG). Conceptually, however, it turns the entire PGP/GPG concept on its head, and in doing so aims to make it as easy as possible for less technical types to enjoy the benefits of strong cryptography.

A quick backgrounder: PGP/GPG use public-key cryptography, which is a highly-secure method of sharing secrets. Rather than traditional encryption, which requires a secret known to both parties, public-key cryptography splits the secret in two: the public key is available to anyone, but can only be used for encryption; decryption requires the private key, kept secret. It can be best imagined as an extremely secure padlock: I can give you the padlock, but once you’ve snapped it shut only my key will open it again.

The trouble then comes from verifying that the public key you’ve encrypted to genuinely belongs to your intended recipient, and not to a third-party trying to eavesdrop on your conversation. In the PGP/GPG world, this is assured by a ‘web of trust’ in which individuals physically meet and verify the identity of others, whose public keys are then cryptographically signed. Secure, but awkward.

Keybase’s solution: automated verification powered by social networking. ‘Proofs’ are posted to various social networks, currently ranging from Twitter and Reddit to Coinbase and even the DNS records of your personal website. These proofs are cryptographically signed with your private key. When someone wants to encrypt a message to you, they can verify these proofs through the Keybase website – or, for improved security, an open-source command-line application which wraps around GPG – to confirm that the key they are using belongs to the person in control of said accounts.

Coupled with a neat web interface which allows, among other features, non-members to quickly send encrypted messages to any Keybase member, it’s a great project. While it’s currently in beta, it shows considerable promise – and given the government du jour’s focus on eroding privacy, it’s something everyone should at least consider playing with.

To read the full review, plus my ever-enlightening four-page news spread and event calendar, head to your local newsagent or supermarket, or grab a digital copy via Zinio or similar distribution services.

Linux User & Developer, Issue 138

Linux User & Developer Issue 138Aside from my regular four-page news spread, this month’s Linux User & Developer includes two reviews: the Intel Galileo board, the company’s Quark-based answer to the Raspberry Pi; and the Pogoplug Safeplug, a Linux-based privacy-enhancing TOR gateway.

First, the Galileo. I was lucky enough to get my hands on one of the first retail units to hit the UK, and was eager to see what Intel had come up with. Based on its low-power Quark processor, which is a die-shrunk version of the classic Pentium instruction set architecture, the Galileo boasts full x86 compatibility and plenty of on-board connectivity. Where it differs from its rivals – and anything Intel has ever produced before – is that it’s also Arduino certified, and fully compatible with shields developed for that microcontroller’s esoteric pin layout.

It promises much: on-board Ethernet, out-of-the-box support for existing Arduino sketches, the ability to run a Linux environment, and even a mini-PCI Express slot on the rear for adding in wireless connectivity or other additional hardware. Can it live up to expectations? Well, you’ll have to read the review to find out.

The Pogoplug Safeplug, despite what the contents page splash might suggest, is not a storage device; rather, it’s a modified version of the company’s existing embedded storage gateway product to find a new market in the post-Snowden world. Connected to your internal network, the Safeplug acts as a gateway to the TOR network; all traffic is encrypted and anonymised with little client configuration required. As an added bonus, there’s even an advertising removal feature.

My verdict on both devices, plus stories covering Ubuntu 14.04, the Intel Next Unit of Computing, the Penn Manor School’s move to Linux, a ÂŖ15 Firefox OS smartphone, Cisco’s IoT security challenge, the Nokia X and more can be yours in newsagents now. Alternatively, you can get the magazine digitally via Zinio.

Custom PC, Issue 128

Custom PC Issue 128In this specially-numbered issue of Custom PC – the issue in which a signed eight-bit integer would overflow, in case it wasn’t obvious – my regular five-page Hobby Tech column covers turning a Raspberry Pi into a TOR proxy, using the Keyrah v2 on an old Amiga A1200 chassis, a review of the Intel Galileo, and a look at the daftest Pi accessory yet. If that weren’t enough, there’s also a two-page interview with the UEFI Forum’s Mark Doran to enjoy.

First, Hobby Tech. In this month’s tutorial, I show the reader how to turn a Raspberry Pi Model B – or Model A with optional USB network adapter – into a proxy that provides access to TOR, The Onion Router Project, a privacy-enhancing network that encrypts your internet traffic and shuffles it around before popping it out of a random exit node. Although it’s possible to run TOR software directly on a PC, having a hardware proxy can help get otherwise unsupported devices – like the Apple iPad – onto the TOR network.

The piece on the Keyrah v2 came about when I was looking for ways to use the chassis and keyboard I had replaced on my Amiga 1200. Although badly yellowed, the keyboard was fully working and throwing it away seemed a shame; thankfully, the Keyrah makes that necessary by interfacing with the Amiga keyboard and turning it into a USB keyboard for modern machines, while also providing two connectors for traditional joysticks. Coupled with yet another Raspberry Pi, it was possible to turn the empty A1200 chassis into a fully-functional computer – and surprisingly quickly, too.

Intel’s Galileo is the company’s first Arduino-certified device, and a showcase for its Quark processor. Based on the original Pentium architecture – complete with the F00F Bug erratum – the Quark is Intel’s attempt to take on ARM in the embedded space, and if the Galileo is any indicator it still has a way to go. Slower at general-purpose computing than a Pi and at IO than a true Arduino, the Galileo is hard to love – but the presence of a mini-PCIe socket on the back suggests it could find a home in more complex projects.

Finally for Hobby Tech, there’s a look at cooling a Raspberry Pi with the smallest active heatsink I’ve ever seen. Barely covering the tip of my finger, the heatsink was an impulse purchase from eBay and cost nearly as much as the Pi on which it is attached; it’s certainly eye-catching, however, and my core temperature readings may be of interest to anyone using a Pi in high ambient temperatures or in cases with otherwise stagnant airflow.

My last contribution to this issue is the interview with Mark Doran. While the extract published in Linux User & Developer concentrated mainly on Secure Boot and its increasing adoption after initial fear in open source projects, this extract looks more at UEFI itself and how it came to be. For historical interest, there’s also what I believe to be the first comprehensive time-line of the BIOS, beginning in 1975 with Gary Kildall coining the term to describe part of his CP/M operating system.

All this, plus the usual selection of stuff written by people who aren’t me, is available at newsagents, corner shops and supermarkets now, or digitally via Zinio and similar services.

Talk Radio Europe – Google’s New Privacy Policy

I was asked to talk to Mark Curry – of Blue Peter fame – on his ‘Curry for Breakfast’ morning show for Talk Radio Europe, in order to provide an informed opinion on precisely what Google’s recently changed privacy policy means for its many users and whether those who value their privacy should be concerned at the increased amount of data sharing the new policy permits.

Despite being referred to as a writer for ComputerWorld a couple of times – for the record I’ve never written for ComputerWorld, although the publication has used extracts of my articles from other sites and publications in its stories – it went pretty well.

My section of the show is reproduced here, in MP3 format: Talk Radio Europe – Mark Curry, ‘Curry for Breakfast’ 20120302.