
A tweet was recently posted featuring an advert claiming Firefox is the better browser in terms of respect for privacy:

Sadly, this isn’t the case, as this Pale Moon update clearly describes:

https://forum.palemoon.org/viewtopic.php?t=16154&p=117375#p117375

So, if you use #Firefox, best to expect information leakage back to #Google anyway.  If you value your privacy and want a functional browser, check out Pale Moon!

#palemoon


#CITIZENFOUR

For those who value freedom.

I was lucky to have spotted a recent social media post, alerting me to showings of CITIZENFOUR in London over the past weekend. CITIZENFOUR, in case you are not aware, is a film made by celebrated filmmaker Laura Poitras (Praxis Films), who accompanied journalists Glenn Greenwald and Ewen MacAskill to Hong Kong to interview Edward Snowden in the summer of 2013.

My partner and I took a train to Wimbledon. It was an uncharacteristically warm day, summer-like in all regards except the browning of the leaves. The trees looked tired as we marched along to the station; we weren’t missing this film for anything.

In contrast to the anticipation building up inside of me, waiting to see this film, Wimbledon itself was very ordinary. People going about their normal lives. Appetizing whiffs of just-cooked food were wafting over from the market stalls. Traffic was permanently in a hurry with barely any regard for pedestrians’ safety. And the shoppers held an equally high regard for the traffic too, voluntarily stepping out in front of anything coming.


The matinée showing at the bijou HMV Curzon cinema was starting just after lunch. I wanted to get there early so that, in anticipation of the queues, we would be assured of a good seat. When picking up our tickets, we spoke to a member of staff behind the bar/counter about the expected numbers.

Staggeringly, four seats had been booked. Including ours. Citizens: four.

To my slight relief, more than four people eventually turned up and attended the showing. Twenty, maybe. Perhaps thirty, tops. In a 110-seat room. And they were comfortable seats too. The best you’d find in any cinema, with lots of leg room and deep, comfortable cushions.

A Tale of Two Cities

After reading Lawrence Lessig’s blog post of his recent cinema outing in Cambridge, Massachusetts, with 500 movie-goers attending their picture house, I wondered how there could be such disparity across the pond. For us, there was no line to stand in before entering, and perhaps adding insult to injury, our tickets were not even checked by a member of staff when we walked in to pick our (unallocated) seats.

Perhaps it was the over-air-conditioned screen that turned people away. Considering that outside it was the very end of the British summer and we saw temperatures of 20 deg C, inside was another story altogether. We were lucky if it was more than 14. But I don’t think this was the reason for the poor turn-out; any evidence of forward-thinking would surely have improved the attendance?


A somewhat senior lady who attended the film mentioned to me on her way out, “I don’t think I meant to come and see that. I thought it was something else.” Citizen Kane, perhaps? I hope she wasn’t one of the original four who bought in advance…

Perhaps people felt it was a story already told. In some ways it was – but arguably, in many ways the whole story had not been told until now. A couple of reveals towards the end of the film were new information to me. Stuff I wasn’t aware of, from reading the Snowden book.

The Wombles

I am glad that a healthy number of people in the US are curious about this subject and decided to explore it further. You might expect this from the residents of Cambridge (Mass.), with its connection to Free Software and socio-political activism, and well done to them.

So, a quick glance at the population numbers of both areas provides some fairly meaningless stats on which to close.

Cambridge’s population = 107,000 or so. Wimbledon’s: around 60,000. Roughly speaking, for every 214 residents in Cambridge, one person attended Saturday’s matinée there. Only one person of every 3,040 in Wimbledon managed the same feat. What does this say about continued British apathy towards such fundamental issues?

I am left feeling that provided Centre Court and strawberries are always available, Wimbledon won’t care much. Unless, of course, someone personally has an infraction with the law, as a result of authoritarian paranoia. Then, perhaps, it might fill a column on page 7 of the local rag. Residents might even chat about this at a local pub, in between opinions on the state of the brew.

But to complain against wrongdoings is normal.  It’s human nature to focus on the oppressors rather than the oppressed.   Luckily, for us, in respectable communities there still burns a glimmer of hope that sense may prevail.

If it hasn’t been said enough times already, let it be said once more: Emacs and org-mode are quite probably the best way ever to organise your personal life.

Emacs, for starters

Emacs as a text editor is rock solid. If you have a computer where you type in text and which:

  • is web based (e.g. a chromebook)
  • has any kind of touch interface (a tablet, phone)
  • is running a heavy GUI (graphical user interface)

… then you are certain to observe a certain lag on input. It might be very slight, but it will likely be there. I know this to be the case for many devices out there, even those which purport to be “high-end”.

With Emacs, there seems to be a much more direct connection to the keyboard: you type, text appears. You type faster, text appears faster. In fact, text is capable of appearing much more quickly than you can possibly type. This makes blogging quick and painless.

org-mode, for main course

Life in Emacs simply came to be, through org-mode. Emacs itself is amazing; org-mode made organising data even better. A quick refresher:

  • org-mode creates everything in plain text, for maximum portability between systems
  • it is known as an “outline mode” enhancement for Emacs, meaning it helps to display semi-structured text effectively
  • it allows for the creation of lists – of projects, tasks, notes, links … you name it, anything that can be represented in text
  • it is portable, allowing for synchronisation with mobile devices
  • using Emacs, it is powerful – allowing org-mode notes to interact with other aspects of Emacs

[Image: org-mode in action, showing a list of links]

Org-mode also supports all sorts of fancy formatting and customisation, meaning text can look good and be easy to follow.

org2blog, for dessert

What would all this power be for, unless blogging! 🙂

Actually, blogging is just one activity which benefits greatly from the power of org-mode, as org’s powerful and easy formatting options are seamlessly translated into HTML and published to a blog.

In my case, I’m using a WordPress site. I create a new post using the commands

M-x org2blog/wp-login
M-x org2blog/wp-new-entry

I then type in my post and save it to a local file, using

C-x C-s

and then post it to WordPress for subsequent tweaking, with

M-x org2blog/wp-post-buffer

I can then add some final polish and check the format in WordPress before final publishing.

As a demo and an indication of speed, this blog post took only 5 minutes to write, post, edit and publish.

Part #2 of the Data Liberation series

Mozilla, the organisation behind the ubiquitous Firefox web browser, kindly publishes its source code powering a key service which it provides – Firefox Sync.  Because of this, we are able to run our own password sync servers securely and not necessarily be the target of a large-scale data-mining break-in, such as might be performed by a malicious cracker, or the NSA.  Sorry, of course they are the same thing.

Firefox Sync is a neat service which allows you to, quite literally, sync your settings in Firefox across multiple devices.  These settings can include bookmarks, web browsing history, cookies, form-filling data and passwords.  Anyway, I too was keen to run my own password sync server, so I set about doing just that.

I host quite a bit of stuff using Virtualmin, another superbly produced piece of software which facilitates the set-up of multiple domains on a single box. Setting up Firefox Sync on your own server under virtualmin is actually very straightforward.

The main task at hand is to follow the detailed instructions published by Mozilla.

As per the instructions, I had to run the following, in order to install required software:

# apt-get install python-dev mercurial sqlite3 python-virtualenv libssl-dev

In addition, I also needed to install and enable the WSGI Apache module, which wasn’t present on my system (drawing in dependencies as needed):

# apt-get install libapache2-mod-wsgi

I decided to install the Mozilla sync software in the home directory of my newly created domain, which in Virtualmin is either “/home/domain” or “/home/domain/domains/subdomain”, depending on whether you have created a subdomain for this specific purpose or not.  In the subdomain situation, the folder path would end up being: /home/domain/domains/subdomain/server-full.

Once installed, I inspected the Apache config file. A key change I had to make was to the WSGI configuration within this file. On my Debian box, the Apache config files are located in the standard place: /etc/apache2/sites-available – the same would be true for Ubuntu (on CentOS and other RHEL/Fedora derivatives, you’ll probably find them in /etc/httpd/conf.d/). Once you have created your domain in Virtualmin, your domain’s config file should be within this folder, appropriately named “domain.com.conf”.

In the “domain.com.conf”, there are a few lines to add and one to edit:

Firstly, find the DocumentRoot declaration:

DocumentRoot /home/mydomain/domains/subdomain/public_html

and change it to:
DocumentRoot /home/mydomain/domains/subdomain/server-full

Next, you’ll need to insert the following lines, within the same stanza as DocumentRoot (the best thing is to adjust and paste these lines directly after DocumentRoot):

WSGIProcessGroup sync-http
WSGIDaemonProcess sync-http user=<your-virtualmin-domain's-user> group=<your-virtualmin-domain's-group> processes=2 threads=25
WSGIPassAuthorization On
WSGIScriptAlias / /home/mydomain/domains/subdomain/server-full/sync.wsgi

The above example assumes that you are working within the :80 VirtualHost stanza. If you have enabled SSL on your virtual server, within Virtualmin, then you’ll also have a :443 VirtualHost stanza to add these lines to, with one or two exceptions!

A WSGIDaemonProcess is assigned to each virtual server in Apache. In doing so, it creates a system process which requires a name. According to the WSGI docs, this name must be unique:

“[…] note that the name of the daemon process group must be unique for the whole server. That is, it is not possible to use the same daemon process group name in different virtual hosts.”

When you come to pasting in the additional lines in your :443 stanza, you are dealing with a separate virtual server in Apache.  So, within your Apache config file, be sure to rename your WSGIDaemonProcess process name. E.g.:

WSGIProcessGroup sync-https
WSGIDaemonProcess sync-https user=<your-virtualmin-domain's-user> group=<your-virtualmin-domain's-group> processes=2 threads=25
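
The uniqueness rule quoted above can be checked before reloading Apache. The following is an added example, not part of the original post or of mod_wsgi: it scans one config file's VirtualHost stanzas for a WSGIDaemonProcess name reused across stanzas and for a WSGIProcessGroup that no WSGIDaemonProcess in the file defines. The address 192.0.2.10, the user and group names and the function names are constructed for illustration, and it assumes all relevant directives live in the one file.

```python
import re
from collections import defaultdict

# Constructed sample: the :443 stanza was pasted from :80 and only the
# WSGIProcessGroup line was renamed, so "sync-http" is declared twice.
SAMPLE_CONF = """\
<VirtualHost 192.0.2.10:80>
    WSGIProcessGroup sync-http
    WSGIDaemonProcess sync-http user=syncuser group=syncgroup processes=2 threads=25
    WSGIScriptAlias / /home/mydomain/domains/subdomain/server-full/sync.wsgi
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    WSGIProcessGroup sync-https
    WSGIDaemonProcess sync-http user=syncuser group=syncgroup processes=2 threads=25
</VirtualHost>
"""
KEYS = {"wsgidaemonprocess": "daemons", "wsgiprocessgroup": "groups"}

def parse_vhosts(conf):
    """Return {vhost address: {"daemons": [names], "groups": [names]}}."""
    vhosts, current = {}, None
    for raw in conf.splitlines():
        line = raw.strip()
        m = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if m:
            current = m.group(1).strip()
            vhosts[current] = {"daemons": [], "groups": []}
        elif line.lower().startswith("</virtualhost"):
            current = None
        elif current is not None and line and not line.startswith("#"):
            parts = line.split()
            key = KEYS.get(parts[0].lower())
            if key and len(parts) > 1:
                vhosts[current][key].append(parts[1])
    return vhosts

def check_wsgi(conf):
    """List reused daemon group names and process groups nobody defines."""
    vhosts = parse_vhosts(conf)
    owners = defaultdict(list)
    for addr, v in vhosts.items():
        for name in v["daemons"]:
            owners[name].append(addr)
    problems = [f"duplicate daemon process group '{n}' in {', '.join(a)}"
                for n, a in owners.items() if len(a) > 1]
    for addr, v in vhosts.items():
        for g in v["groups"]:
            if g not in owners:
                problems.append(f"{addr}: WSGIProcessGroup '{g}' is not defined")
    return problems
```

Calling `check_wsgi(SAMPLE_CONF)` reports both the reused name and the orphaned `sync-https` group; renaming the second WSGIDaemonProcess to `sync-https` clears both findings.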

This configuration should now be valid. You can test this with:

service apache2 reload

This won’t stop the current Apache process, but it will attempt to load the new configuration file. If it fails to load the config, it will tell you without stopping Apache.

Once this works, simply issue:

service apache2 restart

Syncing on mobile

If you intend to use Firefox on Android, or any other mobile Firefox (or clone) that supports the same syncing protocol, there is one caveat.  If you are using an unsigned or self-signed SSL certificate on your sync server, you should visit the site first in your mobile Firefox and add a permanent exception.  Once done, set up Firefox Sync in the normal way, by typing the characters into your desktop browser’s sync dialog, and the two browsers will shortly be synced up nicely!

[ This is a retrospective publication ]

It takes heroes like Edward Snowden to reveal how malicious governments can become. The Snowden revelations during the summer of 2013 showed that not only does everyone have to be wary of internet-based “threats”, but that those threats could be in the form of legally-appointed agencies seeking to catch out anyone who accidentally clicks something they shouldn’t.

Worryingly, despite the big players’ assurances of high levels of security, a post on Ars Technica discusses (and links to) slides created by the NSA, and leaked by Snowden, showing how Google’s international internet traffic was intercepted, analysed and understood – for a variety of its services. Thankfully, more heroes have recently stepped forwards with updates of their own.

My heroes today are +Brandon Downey and +Mike Hearn, who have voiced their contempt for the authoritarian misuse of power with, as we like to call it, the two-fingered salute (this would be one finger in the US…).

Google, too, has a data-collection objective

Let us not forget who Google is and what it does.  Yes, while its employees might be upset that their systems’ security has been brought into question, their employer’s mission “is to organize the world’s information and make it universally accessible and useful”.  So Google, too, has a data-collection objective.

The good thing about the Snowden revelations, if indeed any of them can be “good”, is that they have revealed how much work still needs to be done and how much we assume our data won’t be intercepted and inspected. It’s no longer safe to think like that, and the use of encryption should be mandatory between two end-points.

But now that the larger players are catching up with better security implementations, who is there to help the smaller players? Running a hosting outfit myself, I know how much time is required to stay informed with regards to common exploits and vulnerabilities, as well as implementing working solutions when certain zero-day exploits are revealed. Every internet service provider, hosting company and other entity transacting business via the internet has a responsibility towards safeguarding confidential data. How many take it seriously enough?

It’s time the larger players stepped up and started working collectively in a security community designed to help the smaller players in the market, rather than try to pwn the market itself; if that were to happen, the purpose of the internet would be destroyed and the argument moot.