> Linux desktop is very much alive...
Same here. Mine even snores at night. Or my HARD DRIVE IS DYING... :-/
> I upgraded to Ubuntu Maverick Meerkat last week.
> It's the best desktop I ever used. And now it's dead. :(
Well...if you just look AT your box it's both alive and dead. Whereas if you look inside, it's either/or. Therefore we can conclude with certainty, that the rumours of the death of Linux on the desktop box are between 0 - 100% wrong...depending on your entanglement with the Maverick Meerkat. :-)
> I know Claws Mail can do custom headers.
Well, it'd only work if it's implemented system-wide. As in: Install package OpenOffice and automatically the header gets added to your e-mail program for outgoing messages. Likewise the mailer needs to pick up on it as already described.
> Oracle haven't been sidelined at all, they've barely started.
Yeah...like they started charging 80 bucks for the, formerly free, MS-Office ODF plugin...
I really wonder, what they're gonna do about OOo. My feeling says, nothing that Open-Source friends are gonna appreciate. :-/
> If anyone can accept ODT, they will generally say so when requesting documents.
Actually this would be great to have as X-email header: ODT accepted. The E-mail program could print that out as status line or pop up a notice when sending an attachment to that recipient...
Not holding my breath for Outlook to implement that, but how about the Open-Source mailers?
> even where we use OO to produce documents, unless we have prior consent from the recipients, we export to MS format before sending.
Out of interest:
Why not send both versions attached (ODT and DOC)?
> Open Office had better support MS Office documents to a perfect degree, and offer the same toolset that MS Office provides.
Quite frankly, this is exactly, why OSS is always trailing and having a hard time to catch up: It needs to always do twice as much as the entrenched programs...once their own way of doing things and then, in addition, the Microsoft way of doing things. Most complaints I hear are not so much about how an Open-Source program in itself has limitations, but how it has limitations (perceived or real) in dealing with MS-issued software or larger MS-environment.
"If it doesn't do exactly what MS-Office does I won't use it!"
"If it doesn't perfectly/100% read MS' proprietary file formats, it's not ready for business!".
"If it doesn't look exactly like MS-Office my people won't be able to/won't want to use it!"
"If it doesn't integrate with AD...."
etc.pp..
While Open-Source software is certainly not the right thing for every place (incl. some Office settings), I hear the distinct whining of people and businesses, who have more or less willingly painted themselves into the corner of a specific vendor. That getting out of that corner or even entertaining the thought of it is almost an insurmountable obstacle is only a logical conclusion.
As far as I am concerned I feel, that it's got to be one of the most ridiculous things on earth in 2010, that people are forced to use a specific Office program to edit documents. It shouldn't matter, damnit, what you use, as long as the resulting file makes sense and can be shared. OpenDocument is a great thing, but came a decade too late. Today DOC(x) is 'the standard' and everybody else's gotta cater to it. MS wins by default: DOC(x) = MS-Office, MS-Office = Windows, Windows = site license, site license = AD, Exchange, Sharepoint etc. until we are in schools, where 'today's business standards' are being 'taught' to students. It sucks and the Mafia couldn't have done better in setting up their business (remember WordPerfect, which most people were highly unwilling to leave but got forced to by MS). I still regard the DOC format as one of the top three things that held back innovation in the entire IT infrastructure and business landscape. It'd be so great, if the choices were manifold with a certainty, that resulting documents and spreadsheets could be seamlessly used by any other choice (of a user). Technically we have that (OOo, MSO, WP, KO etc.)...in reality we don't!
> It still surprises me that GPG/PGP is still not a standard feature of all mail readers. It seems so obvious.
Tell me about it :-)
Don't let that hinder you though. For pretty much every MUA some form of GPG-support is available. Like Thunderbird - Enigmail, Outlook - GPG4Win etc.. Cool MUA's, like Evolution, Kmail etc. have it built-in.
Worst case scenario is to use GPG via the Clipboard. So you write your e-mail in some editor of your choice, then highlight everything/copy to clipboard and then do the GPG actions there. Various options exist just for that.
If you're really hard-core, you could also use it via command-line :-) While interesting, especially for learning purposes, it tends to get tedious. So find a better option for the long-run.
> What about running your own mail server? I always wanted to do that anyway.
By all means...go for it. It gives you full control. Of course, you also need to set it up and maintain it to some extent (unless you have somebody do it for you) and, if you lease a server somewhere, pay accordingly. It's not that much though. Ditto for DNS.
> The only problem then is of course that SMTP traffic is unencrypted. Or is it?
The definite answer is: it depends :-)
You can set the MTA up to negotiate the connection settings with the mail server on the other side when sending a mail. Including whether to use TLS (preferred) or SSL.
> It would make sense if that also had an encrypted as well as an unencrypted version.
That's exactly how it works:
Attempt TLS by default...if the other side doesn't support it then go plain-text SMTP.
> But even then I can't force people who mail me to use the encrypted version.
If by people you mean the mail server (usually the users have no idea or influence over that part unless they run their own) then you are correct...you are relying on the coolness of the server admin to have it set up like yourself and happily use TLS if possible.
Am not sure though what you're trying to achieve:
If you want real e-mail security, you must use actual e-mail encryption. Such as offered by GPG - http://www.gnupg.org/
Even then, the other person needs to also use it. That tends to be a chicken and egg issue. If you're talking family, girlfriend etc. you might simply install it for them and show them how to use it. That part even less technical people can deal with...the setup not so much. You can still run your own mail server with TLS-support anyway, but see it as icing on the cake, not real security because of above mentioned issues. But every bit helps. :-)
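The fallback behaviour described in the comment above (attempt TLS, otherwise send plain-text SMTP), as an added example that is not part of the original post: it parses EHLO replies and shows what a sending MTA does under an opportunistic policy versus a mandatory one. The policy names `may` and `encrypt` follow Postfix's `smtp_tls_security_level` values; the hostnames and EHLO replies are constructed samples.

```python
"""Added example: opportunistic vs. mandatory STARTTLS for an outbound SMTP hop."""
from dataclasses import dataclass

# Constructed EHLO replies (not captured from real servers).
SAMPLES = {
    # Peer advertises STARTTLS (keyword case is not significant).
    "mx1.example.net": "250-mx1.example.net Hello\r\n250-SIZE 52428800\r\n"
                       "250-starttls\r\n250 8BITMIME\r\n",
    # Peer does not advertise STARTTLS: either unsupported, or the keyword
    # was removed in transit. The sender cannot tell the two apart.
    "mx2.example.net": "250-mx2.example.net Hello\r\n250-SIZE 52428800\r\n"
                       "250 8BITMIME\r\n",
}


def parse_ehlo(reply):
    """Return the set of ESMTP extension keywords in a multi-line 250 reply."""
    keywords = set()
    lines = [line for line in reply.splitlines() if line.strip()]
    for index, line in enumerate(lines):
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            raise ValueError("unexpected EHLO reply line: %r" % line)
        if index == 0:
            continue  # first line carries the server's domain, not an extension
        text = line[4:].strip()
        if text:
            keywords.add(text.split()[0].upper())
        if line[3] == " ":
            break  # "250 " (space) marks the last line of the reply
    return keywords


@dataclass(frozen=True)
class Decision:
    action: str  # "starttls", "plaintext" or "defer"
    reason: str


def decide(ehlo_reply, level):
    """Decide how to deliver, given the peer's EHLO reply and the local policy.

    level "may":     use TLS when offered, otherwise fall back to plain text.
    level "encrypt": use TLS when offered, otherwise hold the mail in the queue.
    """
    if level not in ("may", "encrypt"):
        raise ValueError("unknown policy level: %r" % level)
    if "STARTTLS" in parse_ehlo(ehlo_reply):
        return Decision("starttls", "peer advertises STARTTLS")
    if level == "may":
        return Decision("plaintext", "no STARTTLS offered, policy allows fallback")
    return Decision("defer", "no STARTTLS offered, policy requires encryption")


def plaintext_exposure(samples, level):
    """List the peers whose mail would leave unencrypted under the given policy."""
    return [host for host, reply in samples.items()
            if decide(reply, level).action == "plaintext"]


if __name__ == "__main__":
    for level in ("may", "encrypt"):
        for host, reply in SAMPLES.items():
            d = decide(reply, level)
            print("%-8s %-16s %-9s %s" % (level, host, d.action, d.reason))
```

Under `may` the second peer silently receives mail in the clear, which is why transport TLS is only the "icing on the cake" next to end-to-end encryption of the message itself.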
> > Speaking of data retention, do they really log my email?
> They also read it/search it, forward it to human analysts based on triggers, save it...perhaps for eternity etc..
> Granted, it's not the ISP's doing that but other three-letter organizations.
To answer your question a bit more:
AFAIK, (E-Mail) Providers are forced to save the sender, his login ID and log-on/log-off times, recipients - including CC's and BCC's (both directions), subject line, dates/times of sent and received mail etc.. Basically the headers and then some. It's retained usually for 6 months (ISP saving the logs somewhere). There is no requirement to save the actual e-mail content/body, but it may be saved as well.
Depending on the country it's more or less easy for police etc. to legally get that data (we'll leave the NSA-style spooks out of this, since they read everything anyway regardless of ISP data retention).
If you want to protect yourself, you need, as mentioned, a separate e-mail provider, preferably in a country without such crap. Then your ISP can't log anything because all they see is SSL traffic.
Another option is using anonymous remailers, since they are specifically designed to prevent traffic analysis.
> Speaking of data retention, do they really log my email?
They also read it/search it, forward it to human analysts based on triggers, save it...perhaps for eternity etc.. Granted, it's not the ISP's doing that but other three-letter organizations.
> Time to figure out how to encrypt my IMAP communication.
It's not a bad thing to do so, but your ISP (where your mail is) still gets to log everything as before. You'd need an external provider for SSL to make some difference.
> (Maybe it's encrypted already, but I'd like to be sure.)
Check your account settings/connection settings. Usually it's through a different port, sometimes even a different mail server/hostname thereof. The use of SSL needs to be explicitly turned on there. Check with your e-mail provider what the settings need to be. It's usually not advertised but available. Make sure to change both incoming and outgoing connections if applicable. Also make sure to change the settings for all devices you might use for that account (laptop, workstation, cell phone etc.).
> But they were also kind of dicks about that whole independence thing. So it all evens out.
And Americans were then The Terrorists(TM). So I guess, you're right.
OK, can see the SSO part of it.
Firefox is even more annoying when it comes to signing on to the proxy: when you have your tabs saved on restart, it will pop up a login window for every freaking tab! Ironically it behaves far better when crashed and it asks you if you want to restore your tabs. Then the login window comes only once and then gets applied for all tabs once you restore them. I truly hope, they fix that nonsense with the next version because it takes me a good couple minutes, sometimes more just to start the browser and get all the tabs going...
> once firefox and/or chrome have enterprise tools to make it work with activedirectory
Am not sure why the browser would need 'enterprise tools' for AD (what kind of tools anyway?)...we use AD at work and Firefox is offered pre-packaged for all those, who want it. Tell me what you mean...
> just type it all out in another window (text editor would be easiest), proof it carefully, then copy/paste.
Or even easier, use the built-in search entry bar in Firefox (to the right of the location bar). It only gets transmitted when you hit Enter or click on the magnifying glass icon. Couple that with the Scroogle Firefox add-on and you're searching anonymously and SSL-encrypted (FWIW):
https://addons.mozilla.org/en-US/firefox/addon/12506
Always wondered though, if you can still do an anonymous search in one tab while having your non-anonymized Gmail account open in another. Probably not...
> They weren't CA keys, they were the private keys belonging to certificates
> used by two hardware companies to sign their code.
The people having access to those just as easily can have access to the private keys of any of the dozens of SSL CA's!
> If they were CA keys then every single certificate signed by those CA keys
> owned by literally thousands of companies would have to be revoked and reissued.
Well, first you'd have to know they were compromised, wouldn't you. Obviously nobody knew about the compromise of the hardware companies' private keys before Stuxnet either and those that did...well...used it to their advantage without telling the world.
Eventually a similar story of MITM's or outright attacks using compromised SSL CA's will come to pass. Until then, let's make sure we keep paying for 'the trust' they so graciously provide....
> you can find out things through Facebook that you are prohibited by law from asking your employees
Well, unless the (prospective or actual) employees have sensible privacy settings, namely everything Friends Only. Assuming they're careful of who they add as such 'friends'.
> > Democrat Bill Clinton'
> Yeah, but he had sex.
No...he did not have sex with that woman! He might have smoked her but didn't inhale... ;-)
> 3D without immersion is pointless.
I'd wait for the holograph edition...
This proposal can only work if encryption is outlawed for private citizens. Basically the E-quivalent of scrapping the 2nd amendment. So how about doing something against it? Most obviously: Start encrypting everything you can. Install the HTTPS-Everywhere plugin for Firefox, make some keys for GPG even if you use them for clear-text signing, encrypt your Instant Messages, encrypt your hard drive etc.pp.. Then do the same for all your relatives and friends (make it easy for them).
Why? Not because (most likely) your stuff is that important. No. It's to send a clear signal to everyone you communicate with: Hey, I value your privacy, I value mine. And Gentlemen don't read other Gentlemen's mail! So Gentlemen....get to work.
> Morally the US government cannot be defended. In fact morality and government don't even belong in the same sentence.
> Governments fight and win wars, if you want morality go to church.
Agree. But church and morality don't belong in the same sentence either.
> Deleting history, etc. is right there in the preferences. Now who's the idiot, dufus?
You are, because you demonstrate your lack of reading comprehension. Nothing personal. :-)
> Clearing the cookies daily is what I always wanted.
Then you might like the AskforSanitize add-on too, because it gives you the option of removing history (or only the cookies if you like) via a time-span selection. See above in the thread for the link.
> there used to be the additional option of having that same selection as a pop-up window on exit (closing the browser).
> This was done away with...dunno...with 3.5+, I think. That's what I mean.
> Install the BetterPrivacy Plugin to see roughly, what it was about.
Sorry...the wrong plugin (even though BetterPrivacy is another must-have).
I meant, of course, AskforSanitize:
https://addons.mozilla.org/en-US/firefox/addon/13015/
For what it's worth: The option in the FF preferences, besides the still existing "Clear History when Firefox closes", was a simple 2nd checkbox: "Ask me before clearing private data" (or 'Ask me before clearing history').
That would trigger the pop-up window on exit, giving you the options of simply accepting the defaults with OK and clearing the history according to your global preferences, manually overriding the defaults and clearing history custom-by-session or cancelling the deletion altogether. You do NOT have these options available anymore...it's either all or nothing. And that's a clear loss of functionality.
If you did not check the "Ask me before" box, it would simply delete the data as specified via Preferences as is now the only possible behavior.