Chuck@Home | GPG Made a comeback in my workflow

GPG Cheat Sheet

GPG (Gnu Privacy Guard) is a piece of software that can basically do two things:

  • encrypt/decrypt every kind of data so that only you or the persons you choose are able to read/use it.
  • sign/verify data so that you can be sure that the data originates from the person you think it originates from.

Why use it?

Whether or not you want to use encryption is of course up to you. Something that many people don’t seem to keep in mind is that e-mail is not confidential in any way. It’s as if you were writing on postcards, not even using an envelope. Everyone who happens to handle the e-mail or access the account on the server can read the entire mail without you noticing. If you want any modicum of privacy in your email, tweets, documents, chats – you should definitely consider it. I encrypt my mail traffic and have started signing my mails so recipients have it on good faith that the email has originated from me.

Should they want to send me something in private, the fact I’m signing these e-mails with my public key affords them the opportunity to do so. It’s a win/win – you know it’s me, and you can talk to me in secret if you have some account credentials to mail over (for example).

I really have to applaud the efforts of, trying to make security through GPG a popular item again. I’ve recently seen the volume of PGP verified mail subside as we move to a more mobile web. Abandoning cryptography in the wake of convenience of swiping communications off screen, and not really caring who the originator was. We take full faith from the From: line assuming our Big Provider has done their due diligence in keeping out the riff raff.

Keybase makes it easier for cryptography noobies to get started, by giving them a Browser based implementation of OpenPGP. There are some concerns there by security experts – as there should be. But there’s nothing stopping you from using normal GPG with the service – and uploading only your public key to Keybase.

In addition, they also offer a public verification service – where you can sign messages with your GPG key and have them verified in Keybase – to identify that you are who you say you are across some of the most popular online networks.

Pretty cool!



UK makes ODF its official documents format standard

In 2006 and 2007, there was an enormous documents standards war between Microsoft, with its OpenXML documents format, and the open-source community with its Open Document Format (ODF).

In the end, Microsoft, while eventually supporting ODF, won. ODF, while still supported by such popular open-source office suites as LibreOffice and OpenOffice, became something of an after-thought.

The UK Minister for the Cabinet Office, Francis Maude, said in prepared remarks that the “Government will begin using open formats that will ensure that citizens and people working in government can use the applications that best meet their needs when they are viewing or working on documents together.”

Specifically the selected standards are:

  • PDF/A or HTML for viewing government documents
  • ODF for sharing or collaborating on government documents

The UK made this decision, Maude said, because: “Our long-term plan for a stronger economy is all about helping UK businesses grow. We have listened to those who told us that open standards will reduce their costs and make it easier to work with government. This is a major step forward for our digital-by-default agenda which is helping save citizens, businesses and taxpayers £1.2 billion ($2.05bn) over this Parliament.”

Andrew Updegrove, a world-recognized standards expert and founding partner of the law firm Gesmer Updegrove, said on his standards blog, ConsortiumInfo, about the decision:

“The U.K. Cabinet Office accomplished today what the Commonwealth of Massachusetts set out (unsuccessfully) to achieve ten years ago: it formally required compliance with the ODF by software to be purchased in the future across all government bodies. Compliance with any of the existing versions of OOXML, the competing document format championed by Microsoft, is neither required nor relevant.”

In an e-mail interview, Updegrove told ZDNet that it’s been a “very long and difficult road” for anyone watching the saga.

“But in the end, the sound reasons for insisting on truly open, independent standards created with the user and not the vendor in mind has begun to prevail,” he said.


Judge Clobbers Patent Troll



Judge Otis Wright of the Central District of California invalidated five claims in one of MyMedicalRecords’ patents in a case involving Walgreens, Quest Diagnostics, WebMD, and more. Wright’s decision [PDF] is one of many new cases that have implemented the Supreme Court’s recent ruling in Alice v. CLS Bank, a groundbreaking decision that basically says: you can’t make an abstract idea patentable by simply adding “do it on a computer.”

In the case, MyMedicalRecords asserted a patent that covered a method of providing online personal health records in a private, secure way. Wright rightfully found that “the concept of secure record access and management, in the context of personal health records or not, is an age-old idea,” and is therefore abstract.

Now, according to the “Mayo test” that Alice deemed courts should use, an abstract concept could be patentable if it’s associated with some sort of “inventive concept” that goes beyond just the abstract idea.  In the case of MyMedicalRecords’ patent, though, the additional claims fell flat, involving only “routine, conventional functions of a computer and server.” Under Alice, this patent is as good as gone.

What about the other patents MyMedicalRecords mentioned in its demand letters and lawsuits? Those—all similar to the recently invalidated one—are in a precarious position right now. This recent decision sets a strong precedent that should make the company think twice about going after any other healthcare providers, who now have strong ammunition to fight back against infringement claims.

This is great news, but it only comes after the initiation of a lawsuit against some deep-pocketed defendants who had the ability to fight back.


European Commission updates its open source policy



The European Commission (EC) wants to make it easier for its software developers to submit patches and add new functionalities to open source projects. Contributing to open source communities will be made central to the EC’s new open source policy, expects Pierre Damas, Head of Sector at the Directorate General for IT (DIGIT). “We use a lot of open source components that we adapt and integrate, and it is time that we contribute back.”

Damas and his colleagues aim to remove barriers that hinder code contributions to open source software, he announced yesterday at a conference in Brussels. The Commission wants to clarify legal aspects, including intellectual property rights, copyright, and which author or authors to name when submitting code to the upstream repositories. “It is easier said than done,” Damas warned.

He anticipates that reinvigorating the policy will motivate many of the EC’s software developers and functionaries to promote the use of free and open source software at the EC. “Having a strategy helps them to advance the use of open source.” The policy can help nudge others to consider open source, Damas added. “When a little push is needed.”

On Wednesday, December 3, the Head of Sector gave a preview of the EC’s open source policy at a workshop on open standards for ICT procurement. The update of the EC’s policy is a work in progress, and will be finalized in the first months of 2015.


EC policy makers recognise that open source reduces their ICT costs, makes possible the modernisation of government services and will strengthen European ICT service providers, Damas said. “Our internal policy is changing, and open source use will be promoted. When procuring software products, we will consider open source alongside proprietary alternatives, based on value for money. In defined areas, for example Information Systems development distributed externally, we will give open source priority.”

The EC is already using a lot of open source tools, he added, including for servers, for its web solutions and on the EC desktops. “We have over 10,000 Apache web servers, over 1800 hosts running Red Hat Linux and Drupal will be the core engine of the new Europa website. Our developers use a lot of open source tools and code libraries.”

Gently disruptive

DIGIT is not considering the restart of a Linux desktop pilot. A small-scale pilot already took place in 2005, with two hands full of EC volunteers at DG INFSO using Linux and OpenOffice, showing that a Linux desktop was feasible, Damas said. However, the exit costs—to move away from the proprietary system—were too high.


Fedora 21 : Video Overview and Screenshot Tours



Fedora 21 has been released and announced by the Fedora Project. This release is available in three flavors: Fedora 21 Cloud, Fedora 21 Server, and Fedora 21 Workstation.

Fedora 21 Workstation: The Fedora Workstation is a new take on desktop development from the Fedora community. Our goal is to pick the best components, and integrate and polish them. This work results in a more polished and targeted system than you’ve previously seen from the Fedora desktop. We want our desktop operating system to solve your problems, not be your problem.

Fedora 21 Workstation features all of the latest GNOME 3.14 software, is powered by the Linux 3.17 kernel, and has a ton of other improvements and changes.

Fedora 21 Server: The Fedora Server flavor is a common base platform that is meant to run featured application stacks, which are produced, tested, and distributed by the Server Working Group. Want to use Fedora as a Web server, file server, database server, or platform for an Infrastructure-as-a-Service? Fedora 21 Server is for you.

Fedora 21 Cloud: The Fedora Cloud Working Group and Special Interest Group (SIG) has been busy leading up to Fedora 21. Cloud is now a top-level deliverable for Fedora 21, and includes images for use in private cloud environments like OpenStack, as well as AMIs for use on Amazon, and a new “Atomic” image streamlined for running Docker containers.


Stealth “Turla” Malware Infects Unknown Number of Linux Systems



The Linux Turla is a new piece of malware designed to infect only Linux computers, which has managed to remain relatively hidden until now and has the potential of doing a lot of harm. Unfortunately, very little is known about it or how to fix it.

During the course of almost a year, the guys at Kaspersky Lab discovered a cyber-espionage operation which they called the “Epic Turla.” According to their research, more than 45 countries have been affected and that includes government institutions, embassies, military, education, research, pharmaceutical companies, and a lot more domains. It seems to be an organized effort, probably with a nation backing it up.

These problems were Windows-only and it looked like it would remain that way, but it turns out that “Turla” did not affect Windows systems exclusively. In fact, Linux systems are also vulnerable, to a different kind of code, which seems to be a part of the same organized effort to compromise computers on a global scale.

I don’t know when. I don’t know where. But something bad is going to happen

This could be something Donald Rumsfeld might say, but the truth is that is almost the conclusion Kaspersky researchers posted on Until now they have only become aware that this problem exists, but it will be hard to fix.

“This newly found Turla component supports Linux for broader system support at victim sites. The attack tool takes us further into the set alongside the Snake rootkit and components first associated with this actor a couple years ago. We suspect that this component was running for years at a victim site, but do not have concrete data to support that statement just yet.”

“The Linux Turla module is a C/C++ executable statically linked against multiple libraries, greatly increasing its file size. It was stripped of symbol information, more likely intended to increase analysis effort than to decrease file size. Its functionality includes hidden network communications, arbitrary remote command execution, and remote management. Much of its code is based on public sources,” wrote the Kaspersky researchers.

From what the researchers have managed to put together until now, it looks like it links to three libraries, glibc2.3.2, openssl v0.9.6, and libpcap. The hardcoded C&C that hosts known Turla activities is news-bbc.podzone[.]org (from pDNS IP: Kaspersky Lab is currently sinkholing that address.

It doesn’t need root

One of the most interesting aspects of this Turla cd00r-based malware is that it doesn’t require elevated privileges,


SeaBED Sub Makes 3D Map of Underwater Antarctic Ice and It’s Powered by Ubuntu 8.04



A new study regarding the ice thickness has been published

The SeaBED submersible has just finished a mission under the Antarctic ice and the scientists have concluded that the ice there is much thicker than previously expected. All of this was done with a sub powered by Ubuntu 8.04.

It’s a well-known fact that Linux is the preferred tool for scientists and this operating system is used in numerous scientific endeavors, on land, under water, or in the air.

In fact, Ubuntu has been spotted over the Atlantic during a NASA mission, it’s been seen in the JPL laboratories, and now it’s also powering the small and powerful SeaBED submersible and it’s at the center of some very interesting research.

The new 3D maps of the Antarctic sea ice made with SeaBED are the result of a joint effort between scientists from USA, UK, and Australia. The findings of their study, which revealed the fact that the ice has a much greater thickness than previously thought, have been published in Nature Geoscience.

SeaBED is changing our understanding of climate change

The study will be very helpful to better understand climate change and its effect on the largest concentration of ice on the planet, which is in Antarctica. The study itself is pretty interesting, but the fact that it uses Ubuntu 8.04, which is a rather old system, is the icing on the cake.

“It also has a WHOI MicroModem for acoustic communication and navigation, and a SeaBird CTD sensor for measuring salinity and water temperature. The main computer is a 1.2GHz Pentium processor, running Ubuntu Linux 8.04. The custom vehicle software is primarily written in the C programming language.”

“The objective of the Seabed AUV is to serve as a readily available and operationally simple tool that allows rapid testing of docking methodologies and imaging algorithms. We expect to actively pursue repeat surveys for change detection and quantification in areas such as: sidescan sonar survey, photomosaicking, 3D image reconstruction from a single camera, image based navigation, and multi-sensor fusion of acoustic and optical data,” reads the entry on the Autonomous Undersea Vehicle Applications Center.


Who’s Lying About Whisper?

Threats to our Civil Liberties, how Big Brother keeps snooping on us!


Separately, Whisper has been following a user claiming to be a sex-obsessed lobbyist in Washington DC. The company’s tracking tools allow staff to monitor which areas of the capital the lobbyist visits. “He’s a guy that we’ll track for the rest of his life and he’ll have no idea we’ll be watching him,” the same Whisper executive said. – The Guardian

As far as I can tell from what The Guardian has alleged, and from Whisper’s denials, what happened is this:

1. When talking to potential partners, Whisper hypes its ability to track users so that those partners will know who the anonymous sources are and then write stories based on the data. The screenshot of the Whispers being written from (or near) the White House supports this (below), as does the quote above.


2. But when Whisper talks to the public, they say different things and deny that…


CAINE Linux Distribution Helps Investigators With Forensic Analysis


There is no shortage of Linux distributions to serve specific markets and use cases. In the security market, a number of Linux distributions are widely used, including Kali Linux, which is popular with security penetration testers. There’s also CAINE Linux, which is focused on another area of security. CAINE, an acronym for Computer Aided INvestigative Environment, is a Linux distribution for forensic investigators. Instead of penetration testing tools, CAINE is loaded with applications and tools to help investigators find the clues and data points that are required for computer security forensics. Among the tools included in CAINE are memory, database and network analysis applications. CAINE is built on top of the Ubuntu Linux 14.04 distribution that was released in April. Rather than use the Ubuntu Unity desktop environment, CAINE uses the MATE desktop. The CAINE 6.0 “Dark Matter” operating system was first released on Oct. 7 and includes new and updated applications to help forensics investigators. CAINE can be run as a live image from a CD or USB memory stick and can also be installed onto a user’s hard drive.



Munich Library offers free Ubuntu 12.04 CD’s for Windows Users!



The city of Munich is now providing free Ubuntu 12.04 LTS (Precise Pangolin) CDs for the citizens of the city, in an effort to increase the adoption of open source software.
Munich has been at the center of a very heated debate these past couple of months, after the media picked up some statements made by a couple of people from the mayor’s office regarding a switch back to Windows from Linux.

In case you are not up to speed with everything, you have to know that the administration of the city has switched from Windows to a Linux operating system. The implementation of an open source solution took years, but in the end the Munich authorities said that they had managed to save millions of dollars, a sum that has been disputed by Microsoft on a number of occasions.

The latest heated debate regarding this migration was all about nothing. The LiMux project that is now running in Munich is quite successful and it’s safe from any kind of lobbying or political interference from the local government. Its creators made sure that no one could interfere with it, unless there was a good reason to do it.

Now, it looks like Munich is also trying to educate its citizens in the use of open source and the Munich City Library is providing free Ubuntu 12.04 LTS (Precise Pangolin) CDs to anyone who wants one, free of charge. This is not the first time that the Library had this initiative, but it seems that the new one was announced soon after the Microsoft and Windows debacle in the news.
