Posts Tagged ‘windows’

Secure Email Communications

Sunday 4 January 2015

As previously noted, I don’t anticipate actually needing encrypted communications for myself. However, some of you may see a need, or other folks may come into my world feeling the need.

Encryption is touted as primarily a means of digital privacy. If you worry about people intercepting your communications and seeing what’s in them, then encryption reduces the risk. I maintain that my bigger concern is not so much snooping as that someone might change my message. It turns out that encryption can support that in some contexts, since a message that can’t be read also cannot be changed.

To be honest, the best security doesn’t require a computer, but few of us are ready to dig into things like one-time pads. So we rely on software designed to make it more convenient. These days, it can be downright transparent. That is, you can set things up on most computers to do it all automatically and stop giving it so much thought.

The most widely used system for ordinary folks like us is Pretty Good Privacy (PGP), a system designed some years ago. These days the version easiest to get for free is Gnu Privacy Guard (GnuPG) which uses the same basic concept as PGP, but is free and maintained as Open Source software. It’s a standard feature on Linux and Unix computers, but is also available for Windows and Mac.

The Windows version is here and it’s a complete package with everything you need. The Mac version is here and you’ll need to study a bit, because I don’t deal with Macs enough to be of much help. If you use Linux, there are lots of GUI tools and the simplicity of operation varies widely. You could also learn how to run it all from the command line, if you prefer.

The whole point is that the first thing you do is create your own encryption key. It has to be tied to an email address. This means you consider carefully and decide whether you might want to dedicate some email account just for this purpose. For reasons that aren’t obvious, this would be a huge boondoggle if your account is webmail only. That would mean encrypting a message as a file, then sending the file as an attachment in the email. It’s a whole lot easier to simply use an email client that is designed to handle it directly, but that means selecting an account that you can run from your computer directly, not webmail. There are lots of free ones out there that provide you direct access from a standard email client (using POP and SMTP protocols), and many ISPs will allow you to hold more than one as part of the service. This is not about free email accounts, so we presume here that you have one selected for this purpose, one that is not used for much of anything else.

I will note in passing that you can do it with Gmail, because they allow that kind of usage, and you can do it with the IMAP protocol for any service that permits it. If you use Windows Live Mail, so far no plugin exists, so it’s like webmail in that respect. If you use Outlook, developers are working on it, but it’s a ton of work for the user to integrate and may not work anyway. Keep those for your regular email, and get something like Thunderbird just for your encrypted email traffic. There is also something called Claws for Windows that does it, but Claws is a little challenging to use due to lack of automation in configuring it. With Thunderbird, it’s as simple as installing an extension made for it, called Enigmail.

Here is one of the best guides for Windows users, and it happens to include illustrations on how to do it with Claws, if you prefer. I highly recommend you create your key first using the simplified GUI tools included in the GPG4Win package. I recommend you use 2048 as the minimum key size. Passwords are discussed elsewhere on this blog, so use the search function. You can use an entire sentence if you know you can remember it and type it precisely every time; spaces are acceptable in this case.

There are two ways to share your key with other folks. I export mine to the default GPG keyserver — hkp:// You can find me as “Ed Hurst <> 0223AD6F” if you use the GUI to search for and import keys. Make sure you don’t pick up on some old key I may have used before and lost. I forgot to make a revocation certificate the first few times I played with this, so make sure you create one and save it somewhere. That way, if you decide to change to a new key for any reason, folks will know the old one is no longer valid. (Disregard; I lost that key and can’t recover it. I’ll post a new one in a new message later.)

Please note that you must exchange your public key with someone else in order to use encryption with them. You need a copy of my key and I need a copy of yours. I don’t have room to explain how this works in detail, but your public key is not the same as your private encryption key, yet it still enables folks to encrypt messages to you that only you can open. Using their public key, you can do the same for them. In the lingo of GPG, you have to have my key on your keyring to use it, and I have to have your key on mine. We each have to mark the keys as trusted. Ideally you would exchange these keys face to face using a jump drive or something like that. However, the keyserver concept will do well enough for the level of security we might need. From all anyone can tell, the NSA struggles (generally cannot and keeps trying) with breaking this PGP style of encryption.

Once you’ve done all of that, fire up Thunderbird and set up the account you’ll be using for this. Then install the Enigmail extension as explained in the linked tutorial and it should walk you through a simple automated process of setting itself up for encryption. It knows where to find the keys most of the time.
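The key-handling steps described above (create a 2048-bit key, keep the revocation certificate, exchange public keys, mark them trusted) can also be run from the command line. The script below is an added example, not part of the original post, and it goes one step further by signing the message so the recipient can detect a changed message. It assumes GnuPG 2.1 or later, uses constructed identities (`alice@example.invalid`, `bob@example.invalid`) in throwaway keyrings, and disables the passphrase only so it can run unattended.

```shell
#!/bin/sh
# Added example, not from the original post. "alice" and "bob" are constructed
# identities in throwaway keyrings; assumes GnuPG 2.1+ with gpg-agent installed.
set -eu

WORK=$(mktemp -d)
ALICE="$WORK/alice"; BOB="$WORK/bob"
ALICE_ID="alice@example.invalid"; BOB_ID="bob@example.invalid"
trap 'for d in "$ALICE" "$BOB"; do GNUPGHOME=$d gpgconf --kill gpg-agent 2>/dev/null || true; done; rm -rf "$WORK"' EXIT

# Run gpg non-interactively against one person's keyring directory.
g() { home=$1; shift; gpg --homedir "$home" --batch --quiet --no-tty "$@"; }

# 2048-bit RSA signing key plus encryption subkey. %no-protection drops the
# passphrase only so the demo runs unattended; a real key needs one.
make_key() {  # make_key <homedir> <name> <email>
    mkdir -p "$1"; chmod 700 "$1"
    g "$1" --gen-key <<EOF
%no-protection
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: $2
Name-Email: $3
Expire-Date: 0
%commit
EOF
}

# Primary-key fingerprint: the value two people compare out of band.
fingerprint() { g "$1" --with-colons --fingerprint "$2" | awk -F: '$1 == "fpr" { print $10; exit }'; }

# Export a public key from one keyring and import it into the other.
share_key() {  # share_key <from homedir> <email> <to homedir>
    g "$1" --armor --export "$2" > "$WORK/pub.asc"
    g "$3" --import "$WORK/pub.asc"
}

# After the fingerprint has been checked, certify the key locally so gpg
# treats it as valid ("mark the key as trusted").
trust_key() { g "$1" --yes --quick-lsign-key "$2"; g "$1" --check-trustdb; }

# Alice signs with her key and encrypts to Bob's.
send() {  # send <plaintext file> <armored output file>
    g "$ALICE" --armor --local-user "$ALICE_ID" --recipient "$BOB_ID" \
        --sign --encrypt --output "$2" "$1"
}

# Bob decrypts. Prints the plaintext only if decryption succeeded and gpg
# reported a good signature; returns 1 otherwise.
receive() {  # receive <armored message file>
    rm -f "$WORK/out.txt"
    st=$(g "$BOB" --status-fd 1 --output "$WORK/out.txt" --decrypt "$1" 2>/dev/null) || return 1
    printf '%s\n' "$st" | grep -q '^\[GNUPG:\] GOODSIG ' || return 1
    cat "$WORK/out.txt"
}

# Simulate tampering in transit: change one character of the armored data.
tamper() { awk 'NR == 5 { $0 = (substr($0, 1, 1) == "A" ? "B" : "A") substr($0, 2) } { print }' "$1" > "$2"; }

demo() {
    make_key "$ALICE" "Alice Example" "$ALICE_ID"
    make_key "$BOB" "Bob Example" "$BOB_ID"
    ALICE_FPR=$(fingerprint "$ALICE" "$ALICE_ID"); BOB_FPR=$(fingerprint "$BOB" "$BOB_ID")
    # GnuPG 2.1+ writes this revocation certificate at key creation; keep a copy offline.
    REVOCATION_CERT="$ALICE/openpgp-revocs.d/$ALICE_FPR.rev"
    share_key "$ALICE" "$ALICE_ID" "$BOB"; trust_key "$BOB" "$ALICE_FPR"
    share_key "$BOB" "$BOB_ID" "$ALICE"; trust_key "$ALICE" "$BOB_FPR"
    printf 'Meet at noon.\n' > "$WORK/msg.txt"
    send "$WORK/msg.txt" "$WORK/msg.asc"
    tamper "$WORK/msg.asc" "$WORK/tampered.asc"
    RECEIVED=$(receive "$WORK/msg.asc")
    if receive "$WORK/tampered.asc" >/dev/null; then TAMPERED=accepted; else TAMPERED=rejected; fi
}

if command -v gpg >/dev/null 2>&1 && command -v gpg-agent >/dev/null 2>&1; then
    demo
    echo "fingerprint=$ALICE_FPR received='$RECEIVED' tampered=$TAMPERED"
else
    echo "gpg and gpg-agent are required for this demo" >&2
fi
```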

The other way to get hold of me with a fair degree of security is to get a free account at Unseen, which is hosted in Iceland and wholly unlikely to let any outside law enforcement or spy agencies see your mail. My address there is “broken” — if you log onto their webmail and send a message to my account there, it never leaves their server.

Laptop Oops

Saturday 3 January 2015

Well, that was a real disappointment.

Just when I thought I had everything as I wanted it, Debian began puking on me. Wifi wouldn’t work consistently and the machine crashed three times in one day. In other words, it wasn’t working well enough on this peculiar machine. I really was hoping to settle down on that issue, but it was not to be. So I reinstalled CentOS 7. At least it is consistent with wifi and other hardware drivers.

Part of the whole thing was the sheer convenience of having WINE on which to run my old MS Office 2000. It matters because when I publish my books, they have to be in Word format and LibreOffice does things differently, even when exporting to the Word format. The result is simply not good. Further, while my grammar is just fine, I do commit typos and simple human errors of leaving out words, or leaving in words from edits, and I rely on Word to catch that stuff. LibreOffice does not have anything comparable.

WINE is not available for CentOS to run 32-bit Windows apps. A virtual machine is possible, but it runs dog slow on this laptop. This thing is specced for long battery life, which means a slower processor speed, which means it takes forever to get the VM open and then to do much in it.

Turns out that Microsoft has been offering a cheaper version of MS Office online for free. I already had an account with their Outlook online service, so the same login works without a hitch. From what I can see, it’s adequate for the demands of my book publisher.

It won’t matter too much whether you trust the cloud services. More and more, it becomes the necessity of life. Got an Android device? You have to have a Google account. That account comes with access to all of Google’s services: Docs, their version of Facebook, the free cloud storage, etc. I’m using the cloud because I don’t have a lot of choice.

I’m not a purist; this is just a tool. A major tool worthy of an awful lot of time and effort, but still just a tool. Running Windows 8 (which came with the laptop) is simply not an option because I can’t control the things I find it necessary to control for my mission. And because the hardware is so new, there’s not many Linux distros that will work and I’m sick of the distro sampling lifestyle of most Linux users. It’s not a religion for me, so I’m not chasing the holy grail of Linux perfection, which is no more real than the grail. Choosing CentOS and running it properly means accepting the limitations of software choices.

I can live with this.

Kubuntu Guide 10

Friday 17 October 2014

(This should be the end of the series. If you have questions, suggestions for topics I forgot, etc., now is the time to pester me.)

10 — Trackballs and Windows-ware

So far, no project has seen fit to offer a simple configuration for trackballs. The most popular device is Logitech’s Marble Mouse and instructions do exist for Linux. While Ubuntu does have a page for this, the instructions are oddly incomplete. Once you take a look at the diagram and understand how it’s supposed to work, let me offer a competing solution. (The nitty-gritty details can be found here but are still pretty complicated.)

First we’ll cover for right-handed users. The “8” button (left small button) should be for scrolling, a click-n-hold operation in conjunction with rolling the ball. The “9” button (right small button) should be the middle-mouse button — mouse paste. In a browser that last one also opens a link in a new tab. The larger buttons already have standard functions. Here’s where you do some serious system tinkering. Open Konsole again. Navigate to the portion of the system where the oddball configuration files are kept:

cd /usr/share/X11/xorg.conf.d

If you run ls you’ll see a collection of files whose names start with 10 or 50. We need to add one of the latter. You’ll need your sudo powers for this and you’ll need to use Nano. Refer to this link again if you need help using Nano. You shouldn’t pretend to use Linux without some familiarity with it.

sudo nano 50-marblemouse.conf

This will open a new file with nothing in it. Using your pointing device, highlight the text below and paste it in the file.

Section "InputClass"
        Identifier  "Marble Mouse"
        MatchProduct "Logitech USB Trackball"
        MatchIsPointer "on"
        MatchDevicePath "/dev/input/event*"
        Driver "evdev"
        Option "EmulateWheel" "true"
        Option "EmulateWheelButton" "8"
        Option "Emulate3Buttons" "true"
        Option "ButtonMapping" "1 9 3 4 5 6 7 2 2"
EndSection

The format with the indentations is pretty important. I can’t control all the details of how cut-n-paste works in every context, but the idea is that the first and last line are flush left and everything in between is indented by one TAB space. If it so happens you want to use this for the left hand, you need a few small changes to reverse all those buttons:

Section "InputClass"
        Identifier  "Marble Mouse"
        MatchProduct "Logitech USB Trackball"
        MatchIsPointer "on"
        MatchDevicePath "/dev/input/event*"
        Driver "evdev"
        Option "EmulateWheel" "true"
        Option "EmulateWheelButton" "9"
        Option "Emulate3Buttons" "true"
        Option "ButtonMapping" "3 8 1 4 5 6 7 2 2"
EndSection

Now, first we tell Nano to save it. The command is CTRL+O (not zero). Then we close it with CTRL+X. You’ll have to reboot for this to take proper effect.

You’ll notice that instructions are out there for just about anything if you know how to search. As with Windows, chances are someone else has needed the same thing you do and has already been through it. That’s the nature of DIY and Open Source.

Most of the common activities are already provided in your menu system. If you simply must run Windows software, there are two ways to go. One is WINE — a system that helps Linux pretend it runs Windows stuff natively. Install the package wine with its huge collection of dependencies. The people who develop WINE keep a database listing of what has been tested here. You’ll need to enter the name of the software package and search for it. Frankly, much of it is out of date, but it does indicate something useful about what’s likely to work. For example, I know for a fact that the version of WINE you get with Kubuntu will run MS Office 97, 2000 and probably 2003. It may run later versions, but not Office XP. To be honest, I use WINE only so I can run Notepad++, a very fine Open Source text editor for Windows. It works perfectly that way and nothing in Linux compares for the features.

The other way is to run a virtual machine (VM). That is, you will create an artificial virtual computer on your system and install Windows on it. This requires some extra power, so if you have less than 2GB of RAM I would recommend against it. However, it’s the easiest way to run your old XP. If you allow it to connect to the Internet through your machine, you’ll need the usual anti-virus, etc. Otherwise, it’s perfectly safe and stable and you can close it up when you don’t need it — suspending it is the preferred method. While there are several different VMs available, for the sake of simplicity I’ll recommend you use VMware Player (it’s free). You can find the Ubuntu guide here, but they miss a couple of points. Once you make the bundle executable, you have to run with sudo powers. Also, it now automatically creates all the necessary changes in one fell swoop, instead of in two steps. Just run it as sudo, give it a minute to show up in the menu, then start it up and install whatever version of Windows you like. It works with most other operating systems, too.

Be aware that the extra tools that make it all work smoothly can be installed automatically, but pay close attention to the messages from VMware about them. Don’t download and try to install them before the OS is installed. Install the OS first and reboot, then wait until you are logged in as a user on Windows. Then click the prompts to install the tools, which amounts to special drivers to make it integrate with your desktop. If you look through the configuration menus, you’ll find out that you can elect to let your installed Windows guest OS share folders with your Linux system. I keep a Projects folder in my Home directory just for this.

That’s about as much as I can put in an introduction of this sort. Welcome to Linux and DIY computing.

Kubuntu Guide 03

Thursday 9 October 2014

03 — Why Kubuntu?

The name Linux isn’t actually a thing, but a kind of thing. The underlying code base is there for anyone to build as they like. What you can build with it can be tweaked for specialized uses. Most of these projects are given away for free; the term for a “brand” of Linux is distribution. It’s distributed in a more or less coherent operating system together with various included software. While there are just a few major projects, each one is likely to have dozens more that make adjustments in the basic major distribution. So, for example, Debian Linux has a very large number of derivative projects. One of them is a group of projects released under the flagship name Ubuntu. The company behind it is named Canonical. They invest money in the product and sell support contracts and some advertising. This one comes with a default graphical user interface (GUI) that is wholly unsuitable for Windows refugees. It’s called Unity and it works fine if you think your desktop is a cellphone. While you can install one or more different GUIs, it’s usually easier to get one of the derivatives that come with a different interface by default. The name “Ubuntu” is changed to reflect that.

We will be using Kubuntu — the KDE desktop on Ubuntu. There are two particular advantages. First, it’s not actually under Canonical’s control; it’s a volunteer derivative project. That means we don’t have to deal with the advertising part of Canonical’s business. Second, this is the one GUI closest to Windows in terms of how the user experiences it.

Let’s face it: The traditional Windows desktop GUI is the standard. Way back before Microsoft was planning their GUI on top of DOS, they first copied some existing ideas while also investing a lot of time and money in research. This research was designed to detect instinctive human behaviors when first encountering a GUI. Lots of test subjects with little or no computer experience were allowed to play with the mouse and the researchers watched and evaluated. The net result was the Windows 95 desktop. Not perfect, but it did take into account typical human expectations. That was before most current computer users were born. It’s hard to say whether that basic GUI is still the best match for instinctive behavior, but there’s no doubt it’s what most people are now used to seeing. Efforts to innovate too much don’t get very far in terms of popular acceptance.

So there’s no reason to depart much from the standard Windows desktop GUI. The K Desktop Environment (KDE) stays pretty close to that. It was even better in the past, but recent bright ideas from the not-so-user-friendly Open Source developers haven’t damaged it too much. It’s as close as we’ll get.

Another advantage is that we gain the highly automated and generally sane defaults that come with Ubuntu itself. Much of the Linux experience is very much DIY with defaults that make the developers happy. The underlying Debian design is mostly by and for systems administrators; it’s server software. It works okay on the desktop and can be adjusted to meet common expectations, but it’s not there by default, regardless of which GUI you put on top. The installation defaults exclude a lot of things for reasons that most likely mean nothing to you. It tends to cripple the functioning of the software on some hardware combinations. As I said, you can fix that and the extra goodies are available, but not included by default. You have to know what you need and do some extra work. Canonical decided to take Debian and polish it up, including all the extras by default. Most things you are likely to need from an operating system are already pretty close to what you might expect in Kubuntu.

But it’s not Windows. In fact, Linux is a type of Unix, and that affects the entire experience.

CentOS 7: Virtual Box VM

Thursday 31 July 2014

Folks, this is how it’s done.

Oracle may not be our favorite company, but this is one thing you will not want to miss: Oracle’s Virtual Box VM. It’s free.

You’ll find the user manual is quite in-depth. Here are the installation instructions. Keep a link to the manual itself in case you need some help on things. What follows is a quick-n-dirty HOWTO.

You will need to install the kernel-devel package and all the dependencies. You’ll also need the dkms from EPEL, so be sure to enable that repository. What dkms does is allow kernel modules to follow updates to newer kernels.

Download the correct version of Virtual Box; it will list CentOS 7 with a link to the RPM. You’ll need your root credentials to install using Yum on the CLI. What happens is that the package builds itself on your machine and creates several kernel modules. It will take a good long while as the system is quite busy in the background.

I got errors from SELinux about attempts by ldconfig to write to some directory. They show up in little GUI popups, and on the console after it’s installed you’ll see this:

Trying to register the VirtualBox kernel modules using DKMS
ldconfig: Can't create temporary cache file /etc/ Permission denied
ldconfig exited ungracefully
ldconfig: Can't create temporary cache file /etc/ Permission denied
ldconfig exited ungracefully
ldconfig: Can't create temporary cache file /etc/ Permission denied
ldconfig exited ungracefully

So far as I can tell, it has no effect on the outcomes, so just be aware that this represents how strongly SELinux protects you from unwanted changes to your system.

Also notice the message about adding your user account to the vboxusers group. While still logged in as root, simply edit the file /etc/group. Scroll down to the last item on the list, which should be vboxusers and simply add your user account name at the end of the line.

Launch from the main menu: System > Oracle VM Virtual Box. Upon first running the thing you’ll discover this is a very intelligent tool and much easier to use than Qemu.

You create the machine first and get it running before you install. I didn’t think 192MB was enough RAM for Windows XP. Depending on your system, you may not be able to give your VM multiple cores on the CPU. If you can’t, you’ll get errors about not having AMD-V enabled in the BIOS. My Win8 laptop was like that. However, I was able to link the machine to my own home folders right from the start; I selected the automount option and browsed to a Projects folder where I need to use MS Office. You really need to take your time and explore the various options in this manager window.

The display is considerably less laggy than Qemu. Once you install the Guest Additions, it becomes even less so. You can fix a lot of niggling issues like display, making your VM respond automatically to window resizing and such. Under the VM menu, see “Devices” and select the last item at the bottom to automatically mount the virtual ISO image and get those extra drivers so that everything can be smooth and unified in use.

A very handy feature is the row of icons across the lower right side of the window when the VM is running. You can connect and disconnect from the host USB, CD/DVD drives, etc. with ease. From the menu, you can elect to connect or disconnect things like the network connection. So you can, for example, keep your vulnerable XP VM from the Internet.

It’s pretty easy to export your VMs and reimport them on other machines running Virtual Box.

CentOS 7: QEMU

Wednesday 30 July 2014

Install a Windows VM on CentOS/RHEL 7 using QEMU — this is the hard way.

VMware won’t build properly on CentOS 7 and all of the suggested fixes failed. The simplest answer is using the included virtual machine, QEMU.

See this quickstart guide first. Sadly, they don’t tell you to install libvirt:

yum install libvirt

Then, turn on the libvirt service:

systemctl enable libvirtd.service
systemctl start libvirtd.service

It still won’t run properly, so reboot!

Whatever OS you wish to install, extract an ISO image from CD/DVD. This way you won’t have to fight permissions. This is true of everything you want to use with your VM. There are various ways to pull off the CD/DVD into an ISO.

Since I’m running KDE, it’s simplest to use K3B. Select the option to copy your CD/DVD and on the “Options” tab, check the box for “Only create image.” Also, click the “Image” tab because you may want to move the image from the default location up in the /tmp/ directory. Click the folder icon button and select someplace like your home folder.

When you open the Qemu manager (in the main menu under “System > Virtual Machine Manager”) you’ll be prompted for root credentials. It won’t run in user mode.

I didn’t have much luck installing XP; it kept hanging and entering a race condition. Win2K worked fine for this experiment.

Click the button for a new machine. Give it a name like “win2k”. Select to install from “Local install media” then on the next tab choose “ISO image” and navigate to where you had K3B save it. Select OS type and version. I had to tell Qemu to show me all the options for Windows before it listed “Windows 2000”.

The defaults for RAM and CPU are okay, but you can double the CPU if your machine actually has two or more cores and you think you’ll need it. The defaults for storage are probably fine unless you know you need a big storage space.

The rest is a matter of having installed Windows a time or two. There may be some errors that flash on the screen at times, but unless they persist, they don’t mean anything. Play with the settings; I found the Cirrus display gave me a lot more screen real estate.

Qemu is downright cranky and sometimes cryptic. I had to manually tell it to add a USB passthrough option so I could connect a jump drive to the VM. Unlike other VMs, Qemu will not make it easy to link the VM to your host file system. You’d have to run a file server (Samba for Windows VMs) and connect through the virtual network link. Worst of all, it takes lots of system resources to run any 32-bit VM and it’s quite laggy, so if you intend to use it a lot, you’ll have to be ready for that. I don’t recommend Qemu for Windows VMs.

CentOS 7: Home Networking

Monday 21 July 2014

CentOS is a lot smarter than you might expect. It knows when it is connected to a home router. The new firewall quickly adjusts and generally does the right thing.

However, it won’t automatically allow you to link to the other computers on your home network. It’s defensive by nature and pretty tight. Once you tell the firewall things are okay for this or that, it will relax just a bit.

Let’s say that you have at least one other computer on your home network running Windows. This is not about Windows, so you’ll have to research how, but your Winbox can share files and any peripherals attached to it with your CentOS 7 machine (start by reading this for XP/Vista and this for Win7). The nickname for the protocol Linux uses to talk to Windows is “Samba,” which is taken from the abbreviation SMB (server message block). By default, it’s likely your CentOS machine is running a Samba client. It simply needs permission from the firewall to use it on the home network.

In your main menu, find the system administration tool for the firewall. It will demand your root credentials. The window that will open is pretty complicated, but we only need to worry about one thing: In the window pane on the left, select “home” — it’s the zone of operations CentOS knows comes from home networking traffic. In the window pane on the right, scroll down to find “samba-client” and select that box. The firewall immediately opens that channel for traffic only inside the router network.

Now test it by opening your file browser window. Look for something that indicates the Network connections and click that. Find the icon for Samba shares. Click and it should offer you a list of the Windows networks. By default, Windows computers will be set up to use “workgroup” as the name for this. Click that icon and you should find a list of Windows computers within that default workgroup. If you attempt to connect to any Windows “host” listed there with whatever name you gave it when you set it up (like “winbox”), you’ll need a name and password for any of the accounts on that machine. You can have your file browser window remember the password so you can log on at will. Once logged in, you can browse the file system as if it were your own on CentOS.

I’m not going to detail here the chase to find printer drivers for Linux; it’s pretty complicated. CentOS 7 comes with most of those available. You can find more at this page. Also, note that several major printer manufacturers have begun offering their own special Linux drivers, so do your own research. So let’s assume for now you know you have a Linux driver for a printer connected to your Winbox.

When you run the printer setup tool on CentOS, one of the options is a network printer using Samba (SMB). Click that option and fill in the information as required for your Windows Samba share. This assumes you’ve set up things on your Winbox to share and have given the printer share a simple name — I used “winprint.” Thus, it was a simple matter of smb://winbox/winprint for me. Then I chose the appropriate driver and set it up using the tool on CentOS. I was able to print a test page in just a couple of minutes.

The key was simply getting the firewall to open up for the samba client.

