Can the Law of Noah apply to computers?
My wife has run Win7 on her desktop machine since it was released. It’s not that she never found any unwanted malware, but that it never affected the operation of her system. Her efforts always paid off, and her protective software saved her from any sorrows. This is someone who surfs a lot of Facebook and other places where scams and malware have been passed through false advertising, but it never hit her.
This machine is under my moral dominion. Someone gave me that computer, and I eventually passed it over to her. Aside from Facebook and the games there, she uses it for her family history research, and chases recipes and natural medicine. Other family members have used it some, as well. It’s not that the pastor is so holy and righteous, but he and his wife are reaping the blessings of the Laws of God. When you seek His favor and meditate on the implications of His moral character, He extends His hedge of protection over all that you do for His glory. Everything you touch then belongs to Him.
So if He wants us to suffer something, there’s a reason for it and we bear it with grace. Apparently He’s not interested in us having to deal with computer problems of our own. I still fix a lot of other folks’ computers, but ours tend to be pretty stable and manageable.
BTW, I did have another problem with the laptop. Apparently the developers at RHEL, from whence CentOS gets all their code, are not interested in making everything work properly on laptops. It is server software, after all. That’s where Red Hat’s income is. So it burned through a battery charge in about half the time it should have, and refused to connect to my Android device, and a few other things just didn’t go quite right. So I gave up.
Someone had given me a copy of Win7 and I installed that. It’s a hassle because I had to chase down the drivers, since the manufacturer had no plans to support Win7 on this thing (it’s a Win8 machine). I don’t get all the software I like pre-installed, and it means worrying about a whole bunch of things that don’t affect Linux. I’m sure there’s a reason for that and I am not going to speculate, but I sense that God is showing me something. So I am at peace and things work, but it’s a lot of work for me. I’m not worried in the sense of anxious, but in the sense that I know Windows is much more vulnerable than Linux, so it needs more care. The shepherd has to herd computers, too.
At any rate, I’m doing the best I know to please my Father and seek His favor. My story is that it has always paid off in terms of His promises. That it hasn’t always been what I wished simply shows I need help getting my wishes adjusted.
As previously noted, I don’t anticipate actually needing encrypted communications for myself. However, some of you may see a need, or other folks may come into my world feeling the need.
Encryption is touted as primarily a means of digital privacy. If you worry about people intercepting your communications and seeing what’s in them, then encryption reduces the risk. I maintain that my bigger concern is not so much snooping as that someone might change my message. It turns out that encryption can support that in some contexts, since a message that can’t be read also cannot be changed.
To be honest, the best security doesn’t require a computer, but few of us are ready to dig into things like one-time pads. So we rely on software designed to make it more convenient. These days, it can be downright transparent. That is, you can set things up on most computers to do it all automatically and stop giving it so much thought.
The most widely used system for ordinary folks like us is Pretty Good Privacy (PGP), a system designed some years ago. These days the version easiest to get for free is Gnu Privacy Guard (GnuPG) which uses the same basic concept as PGP, but is free and maintained as Open Source software. It’s a standard feature on Linux and Unix computers, but is also available for Windows and Mac.
The Windows version is here and it’s a complete package with everything you need. The Mac version is here and you’ll need to study a bit, because I don’t deal with Macs enough to be of much help. If you use Linux, there are lots of GUI tools and the simplicity of operation varies widely. You could also learn how to run it all from the command line, if you prefer.
The whole point is that the first thing you do is create your own encryption key. It has to be tied to an email address. This means you consider carefully and decide whether you might want to dedicate some email account just for this purpose. For reasons that aren’t obvious, this would be a huge boondoggle if your account is webmail only. That would mean encrypting a message as a file, then sending the file as an attachment in the email. It’s a whole lot easier to simply use an email client that is designed to handle it directly, but that means selecting an account that you can run from your computer directly, not webmail. There are lots of free ones out there that provide you direct access from a standard email client (using POP and SMTP protocols), and many ISPs will allow you to hold more than one as part of the service. This is not about free email accounts, so we presume here that you have one selected for this purpose, one that is not used for much of anything else.
I will note in passing that you can do it with Gmail, because they allow that kind of usage, and you can do it with the IMAP protocol for any service that permits it. If you use Windows Live Mail, so far no plugin exists, so it’s like webmail in that respect. If you use Outlook, developers are working on it, but it’s a ton of work for the user to integrate and may not work anyway. Keep those for your regular email, and get something like Thunderbird just for your encrypted email traffic. There is also something called Claws for Windows that does it, but Claws is a little challenging to use due to lack of automation in configuring it. With Thunderbird, it’s as simple as installing an extension made for it, called Enigmail.
Here is one of the best guides for Windows users, and it happens to include illustrations on how to do it with Claws, if you prefer. I highly recommend you create your key first using the simplified GUI tools included in the GPG4Win package. I recommend you use 2048 as the minimum key size. Passwords are discussed elsewhere on this blog, so use the search function. You can use an entire sentence if you know you can remember it and type it precisely every time; spaces are acceptable in this case.
There are two ways to share your key with other folks. I export mine to the default GPG keyserver — hkp://keys.gnupg.net. You can find me as “Ed Hurst <email@example.com> 0223AD6F” if you use the GUI to search for and import keys. Make sure you don’t pick up on some old key I may have used before and lost. I forgot to make a revocation certificate the first few times I played with this, so make sure you create one and save it somewhere. That way, if you decide to change to a new key for any reason, folks will know the old one is no longer valid. (Disregard; I lost that key and can’t recover it. I’ll post a new one in a new message later.)
Please note that you must exchange your public key with someone else in order to use encryption with them. You need a copy of my key and I need a copy of yours. I don’t have room to explain how this works in detail, but your public key is not the same as your private encryption key, but it still enables folks to encrypt messages to you that only you can open. Using their public key, you can do the same. In the lingo of GPG, you have to have my key on your keyring to use it, and I have to have your key on mine. We each have to mark the keys as trusted. Ideally you would exchange these keys face to face using a jump drive or something like that. However, the keyserver concept will do well enough for the level of security we might need. From all anyone can tell, the NSA struggles (generally cannot and keeps trying) with breaking this PGP style of encryption.
Once you’ve done all of that, fire up Thunderbird and set up the account you’ll be using for this. Then install the Enigmail extension as explained in the linked tutorial and it should walk you through a simple automated process of setting itself up for encryption. It knows where to find the keys most of the time.
The other way to get hold of me with a fair degree of security is to get a free account at Unseen, which is hosted in Iceland and wholly unlikely to let any outside law enforcement or spy agencies see your mail. My address there is “broken” — if you log onto their webmail and send a message to my account there, it never leaves their server.
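The key exchange described above, run from the command line as an added example that is not part of the original post: two throwaway keyrings for the constructed identities alice and bob swap public keys, compare full fingerprints, then pass one signed and encrypted message. The identities, file names, passphrase-free keys and the --trust-model always shortcut are assumptions made for the demo; it needs GnuPG 2.2 or later.

```shell
#!/bin/sh
# Added example: "alice" and "bob" are constructed identities in throwaway
# keyrings under a temp dir; your real ~/.gnupg is untouched. Needs GnuPG 2.2+.
g() { home=$1; shift; gpg --homedir "$home" --batch --quiet --no-tty "$@"; }

make_key() {  # $1 = keyring dir, $2 = name
    mkdir -m 700 "$1" || return 1
    # %no-protection (no passphrase) keeps the demo non-interactive only.
    g "$1" --gen-key <<EOF
%no-protection
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: $2
Name-Email: $2@example.invalid
Expire-Date: 0
EOF
}

fpr() { g "$1" --with-colons --fingerprint "$2" | awk -F: '$1=="fpr"{print $10; exit}'; }

pgp_exchange_demo() {
    command -v gpg >/dev/null 2>&1 || { echo "gpg not found" >&2; return 127; }
    W=$(mktemp -d) || return 1
    A=$W/alice; B=$W/bob
    make_key "$A" alice && make_key "$B" bob || return 1
    # Each side exports only its public key and imports the other's.
    g "$A" --armor --export alice@example.invalid > "$W/alice.asc"
    g "$B" --armor --export bob@example.invalid > "$W/bob.asc"
    g "$B" --import "$W/alice.asc" && g "$A" --import "$W/bob.asc" || return 1
    # Compare the full 40-hex fingerprint out of band, not an 8-hex short ID.
    FPR_OWNER=$(fpr "$A" alice@example.invalid)
    FPR_IMPORTED=$(fpr "$B" alice@example.invalid)
    [ -n "$FPR_OWNER" ] && [ "$FPR_OWNER" = "$FPR_IMPORTED" ] || return 1
    # Bob signs and encrypts. --trust-model always stands in for marking the
    # key trusted once the fingerprint has been checked.
    printf 'meet at noon\n' > "$W/msg.txt"
    g "$B" --trust-model always --armor --sign --encrypt -r "$FPR_IMPORTED" \
        -o "$W/msg.asc" "$W/msg.txt" || return 1
    # Alice decrypts; GOODSIG on the status fd shows the text was not altered.
    PLAINTEXT=$(g "$A" --status-fd 3 --decrypt "$W/msg.asc" 3> "$W/status")
    grep -q '^\[GNUPG:\] GOODSIG' "$W/status" && SIG_OK=yes || SIG_OK=no
    for h in "$A" "$B"; do GNUPGHOME=$h gpgconf --kill all; done
    rm -rf "$W"
    [ "$SIG_OK" = yes ]
}

pgp_exchange_demo && echo "fpr=$FPR_OWNER sig=$SIG_OK text=$PLAINTEXT"
```

With real keys, read the fingerprint to the other person over a separate channel before marking the key trusted; the eight-character ID shown in key searches is too short to identify a key uniquely.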
Well, that was a real disappointment.
Just when I thought I had everything as I wanted it, Debian began puking on me. Wifi wouldn’t work consistently and the machine crashed three times in one day. In other words, it wasn’t working well enough on this peculiar machine. I really was hoping to settle down on that issue, but it was not to be. So I reinstalled CentOS 7. At least it is consistent with wifi and other hardware drivers.
Part of the whole thing was the sheer convenience of having WINE on which to run my old MS Office 2000. It matters because when I publish my books, they have to be in Word format and LibreOffice does things differently, even when exporting to the Word format. The result is simply not good. Further, while my grammar is just fine, I do commit typos and simple human errors of leaving out words, or leaving in words from edits, and I rely on Word to catch that stuff. LibreOffice does not have anything comparable.
WINE is not available for CentOS to run 32-bit Windows apps. A virtual machine is possible, but it runs dog slow on this laptop. This thing is specced for long battery life, which means a slower processor speed, which means it takes forever to get the VM open and then to do much in it.
Turns out that Microsoft has been offering a cheaper version of MS Office online for free. I already had an account with their Outlook online service, so the same login works without a hitch. From what I can see, it’s adequate for the demands of my book publisher.
It won’t matter too much whether you trust the cloud services. More and more, it becomes the necessity of life. Got an Android device? You have to have a Google account. That account comes with access to all of Google’s services: Docs, their version of Facebook, the free cloud storage, etc. I’m using the cloud because I don’t have a lot of choice.
I’m not a purist; this is just a tool. A major tool worthy of an awful lot of time and effort, but still just a tool. Running Windows 8 (which came with the laptop) is simply not an option because I can’t control the things I find it necessary to control for my mission. And because the hardware is so new, there’s not many Linux distros that will work and I’m sick of the distro sampling lifestyle of most Linux users. It’s not a religion for me, so I’m not chasing the holy grail of Linux perfection, which is no more real than the grail. Choosing CentOS and running it properly means accepting the limitations of software choices.
I can live with this.
Folks, this is how it’s done.
Oracle may not be our favorite company, but this is one thing you will not want to miss: Oracle’s Virtual Box VM. It’s free.
You will need to install the kernel-devel package and all the dependencies. You’ll also need dkms from EPEL, so be sure to enable that repository. What dkms does is allow kernel modules to follow updates to newer kernels.
Download the correct version of Virtual Box; it will list CentOS 7 with a link to the RPM. You’ll need your root credentials to install using Yum on the CLI. What happens is that the package builds itself on your machine and creates several kernel modules. It will take a good long while as the system is quite busy in the background.
I got errors from SELinux about attempts by ldconfig to write to some directory. They show up in little GUI popups, and on the console after it’s installed you’ll see this:
Trying to register the VirtualBox kernel modules using DKMS
ldconfig: Can't create temporary cache file /etc/ld.so.cache~: Permission denied
ldconfig exited ungracefully
ldconfig: Can't create temporary cache file /etc/ld.so.cache~: Permission denied
ldconfig exited ungracefully
ldconfig: Can't create temporary cache file /etc/ld.so.cache~: Permission denied
ldconfig exited ungracefully
So far as I can tell, it has no effect on the outcomes, so just be aware that this represents how strongly SELinux protects you from unwanted changes to your system.
Also notice the message about adding your user account to the vboxusers group. While still logged in as root, simply edit the file /etc/group. Scroll down to the last item on the list, which should be vboxusers, and simply add your user account name at the end of the line.
Launch from the main menu: System > Oracle VM Virtual Box. Upon first running the thing you’ll discover this is a very intelligent tool and much easier to use than Qemu.
You create the machine first and get it running before you install. I didn’t think 192MB was enough RAM for Windows XP. Depending on your system, you may not be able to give your VM multiple cores on the CPU. If you can’t, you’ll get errors about not having AMD-V enabled in the BIOS. My Win8 laptop was like that. However, I was able to link the machine to my own home folders right from the start; I selected the automount option and browsed to a Projects folder where I need to use MS Office. You really need to take your time and explore the various options in this manager window.
The display is considerably less laggy than Qemu. Once you install the Guest Additions, it becomes even less so. You can fix a lot of niggling issues like display, making your VM respond automatically to window resizing and such. Under the VM menu, see “Devices” and select the last item at the bottom to automatically mount the virtual ISO image and get those extra drivers so that everything can be smooth and unified in use.
A very handy feature is the row of icons across the lower right side of the window when the VM is running. You can connect and disconnect from the host USB, CD/DVD drives, etc. with ease. From the menu, you can elect to connect or disconnect things like the network connection. So you can, for example, keep your vulnerable XP VM from the Internet.
It’s pretty easy to export your VMs and reimport them on other machines running Virtual Box.
Install a Windows VM on CentOS/RHEL 7 using QEMU — this is the hard way.
VMware won’t build properly on CentOS 7 and all of the suggested fixes failed. The simplest answer is using the included virtual machine, QEMU.
See this quickstart guide first. Sadly, they don’t tell you to install libvirt:
yum install libvirt
Then, turn on the libvirt service:
systemctl enable libvirtd.service
systemctl start libvirtd.service
It still won’t run properly, so reboot!
Whatever OS you wish to install, extract an ISO image from CD/DVD. This way you won’t have to fight permissions. This is true of everything you want to use with your VM. There are various ways to pull off the CD/DVD into an ISO.
Since I’m running KDE, it’s simplest to use K3B. Select the option to copy your CD/DVD and on the “Options” tab, check the box for “Only create image.” Also, click the “Image” tab because you may want to move the image from the default location up in the /tmp/ directory. Click the folder icon button and select someplace like your home folder.
When you open the Qemu manager (in the main menu under “System > Virtual Machine Manager”) you’ll be prompted for root credentials. It won’t run in user mode.
I didn’t have much luck installing XP; it kept hanging and entering a race condition. Win2K worked fine for this experiment.
Click the button for a new machine. Give it a name like “win2k”. Select to install from “Local install media” then on the next tab choose “ISO image” and navigate to where you had K3B save it. Select OS type and version. I had to tell Qemu to show me all the options for Windows before it listed “Windows 2000”.
The defaults for RAM and CPU are okay, but you can double the CPU if your machine actually has two or more cores and you think you’ll need it. The defaults for storage are probably fine unless you know you need a big storage space.
The rest is a matter of having installed Windows a time or two. Some errors may flash on the screen at times, but unless they persist, they don’t mean anything. Play with the settings; I found the Cirrus display gave me a lot more screen real estate.
Qemu is downright cranky and sometimes cryptic. I had to manually tell it to add a USB passthrough option so I could connect a jump drive to the VM. Unlike other VMs, Qemu will not make it easy to link the VM to your host file system. You’d have to run a file server (Samba for Windows VMs) and connect through the virtual network link. Worst of all, it takes lots of system resources to run any 32-bit VM and it’s quite laggy, so if you intend to use it a lot, you’ll have to be ready for that. I don’t recommend Qemu for Windows VMs.