Ameliorations 1.0

I’m on more than a few mailing lists that are user support oriented (everyone on the list helps everyone else if they can) and one of the biggest issues I see with people using software aren’t special use cases, which for most of the mailing lists I’m on make up a very small minority of the posts, but are installation issues. They download the software, think they have installed it, are told to reboot the computer and either something strange happens (like the computer hangs on shutdown) or they reboot and cannot find the install file they just downloaded.

I have a sneaking suspicion that these users fall into one of two categories.

Category B-One: The n00b

These are the users that buy a computer, are told amazing things about their capabilities, and when they get home they expect the computer to do everything include making the coffee. Even after many years of computer use, the n00b never gets out of this mode of thinking and often runs into problems with the most basic of tasks if for some reason something doesn’t go as expected. This type of user exists everywhere. Usenet. Forums. Mailing lists. You might even have some n00bs in your own home! Of course I do not use this term in the pejorative (although n00bs definitely task my patience more often than not) but only to describe a type of computer user.

Category B-Two: The neophyte

The neophyte, or newb (note difference in spelling), is someone who just bought a computer, has been told all the wonderful things their computer can do (and probably only believes half of those claims (and rightly so, making coffee is a non-standard feature folks!)), get home and begin using it. They initially have the same amount of problems as the n00b, but over time they actually learn how to use their computer and soon progress to asking questions only when there are problems in special cases (like they are trying to work with a large spreadsheet that is doing multiple calculations and are trying to split it up between multiple sheets while keeping the calculations linked) or they cannot find a solution anywhere on the net.

For category one users, there is nothing to be done accept to have patience with them. They are never going to learn because they think or have been told they don’t have to learn. They have been trained and told so many times that their computer can do everything for them without thinking that when they sit in front of the computer, they stop thinking.

For category two users (the category I think most regulars on a support list wish everyone would become), there definitely still has to be patience for their neophyte age, but a warm welcome to the club once they have reached that plateau where they are ready and willing to help others. Of course upon reaching that plateau, we also hope that they do not become so enamored with their accomplishment that they become one of the next two categories of users.

Category C-One: 31337 h4×0rz

Someone who has become so enamored with their own successes and the ease with which they came, forget where they started and that everyone starts out there. They are haughty, often given to dreaming up of form flames for those who seem too dense to learn anything, and have no care for lesser beings. This kind of behavior is a gateway for the next category.

Category C-Two: The troll

The troll generally has no problems, and if he is a regular on the list generally sticks around only to point out others mistakes (no matter how insignificant or inconsequential they may be), have ardent beliefs about certain things that they think everyone should stick to (and will start and continue discussions on those points) such as what should and should not appear in someone else’s signature line, the use of url shorten-ers, or the benefits of in-line vs. bottom or top posting (I’ve been involved in the latter, but hopefully in a non-confrontational manner while the troll is all about confrontation). Those are just some of the topics a troll will continually bellow about. The best thing to do for a troll is to ignore them and hope they go away or learn to tolerate them.

Neither of the above two categories are very helpful to the first two categories. They cause skewed expectations for users so they are now afraid to join other support lists because of the abuse they received at the hands (indirectly or otherwise, anyone who opens a flame is abused, not just the recipient) of 31337 h4×0rz and trolls.

The most prized of all help on a mailing list, and those who have realistic expectations of what a computer can and cannot do, are those who fall into the following two categories.

Category A-One: The developer

The developer is someone who has major amounts of time providing code to a software project and is considered to be one of the sources of information for the complete ins and outs of any particular piece of software. Often haughty, they do sometimes try to have a humble attitude toward both n00bs and neophytes, while despising (rightly so) the h4×0r and troll. While the view that they now the piece of software like the back of their hand is often unrealistic — they may just work on one particular piece of the entire project — they know where to do for the answer. If you can find humble developers, you’ve truly found people worth emulating and a project worth supporting.

Category A-Two: The expert

While this category of user might not be an actual expert, they have enough experience using whatever software your asking for help with that if they don’t know the answer, they know where to point you. Sometimes they can also seem haughty and intimidating as their first response is to RTFM, a suggestion to read the actual documentation (if the question is about basic features) is quite common because it can not only be illuminating about the issue at hand, but others that might crop up (and now probably won’t because you’ve read the documentation) in the future. This is the type of user that every developer hopes that the neophyte will become, and even has the vague hope that a n00b will someday reach this level too.

What all does this have to do with expectations? A lot, unfortunately.

n00bs expect everything to work automagically with minimal intervention and learning on their part. Life just isn’t like that. It’s a continuous learning experience no matter what you’ve been told. When you download an installation file, it requires you to at the very least click on icons representing the file and to follow instructions printed on your screen. You have to make choices, even if you leave things at the default (there is no such thing as not making a choice). Unfortunately, too many people have the misconception that computers are magical work devices so ingrained to them that it is all but impossible to remove. The C- category of computer users are also in the pickle of having what is unacceptable behavior so ingrained that they do not know any other way of being. I think I fall somewhere outside of all those categories, because I have moments where I’m all of them (except developer, I am not a hacker (in the sense of being a clever programmer)), as much as I hate to admit it.

Computers don’t “just work”. They need input, whether from a human in the form of clicking on a mouse and typing at a keyboard or in the form of a program (which was created by someone most likely typing at a keyboard and/or clicking on a mouse). There also needs to be responsibility for ones actions at all levels. The n00b and neophyte both need to understand that their actions have all sorts of consequences (including unintended ones) whether they are negative or positive. h4×0rz and trolls understand that and try to use it to their own advantage (extended flame wars without them trying and the like). That is simply a lack of morals. Good moral behavior excludes trolling. It excludes the haughty behavior of the so-called h4×0r. The developer and the expert just need to continue working on their patience and thick skins since, unfortunately, the whole world will not become one of them. In reality only a tiny minority will ever actually make it to that level. For those on the way, that simply means we need to positively reinforce them, even if it’s with a small, off-list thank-you for the help they have provided. The n00bs and neophytes of the world make up a majority of all users out there. There is constantly new software in development and new people trying it out.

Even the Bible is clear on this subject:

Whoever loves instruction loves knowledge, But he who hates correction is stupid. Proverbs 12:1 (NKJV, the RefTagger might display the NIV version, which replaces instruction with discipline).

So it is with computers. Those who love instruction eventually become experts or developers. Those who hate correction are doomed to be n00bs (and even possibly trollish n00bs). Just don’t forget who the source of all knowledge is.

Current Mood:  accomplished

In the beginning of this series on security, “The Privacy Mandate“, I talked about why one should worry about their privacy and security online as well as some tools to use to make your experience that much more secure and private. In “Getting Serious About Security“, I discussed how to make your browsing and IM experience as anonymous as possible. Today I would like to discuss email security with you.

For as long as email has been around, it’s always been seen as an open, non-private means of communicating with others. Passwords are generally transferred in plain text for both sending and retrieval (smtp and pop3) or without an encrypted connection (https) to the net (in the olden days at least, now-a-days most if not all good providers use https for their web login). So how can you secure your email communications? First, you can start by changing your password on a regular basis (once every six months should suffice) or have a sufficiently strong password (if allowed, such would included mixed case, punctuation, and numbers) to change once a year.

If you are on a multi-user computer and you value your password enough not to share with other users of the computer, why would you share your email password with every server on the net that your data passes through? The answer is you probably wouldn’t, and you shouldn’t. If you have a decent mail host you should able to connect via SSL or TLS. Both are accepted means of transmitting your user name and password and email (at least to your mail server) in a secure manner. If you’re mail host doesn’t provide such connections, I urge you to petition them to do so or find another mail host. There are plenty of them out there that respect your privacy enough to provide such secure options (disclosure: My own web host, Blue Host, provides TLS connections).

Now that is all well and good for getting your email to and from your mail host, but what about around the rest of the web? How do you let people know that the mail is from who it says it is? How do you provide them with the security that there isn’t someone else intercepting your email?

That is where tools like GnuPG come in. Coupled with a good MUA such as Mozilla Thunderbird with a plugin like Enigmail (GnuPG is a pre-requisite for using Enigmail) to digitally sign your email. Of course that’s only the last step in this process. There are probably plugins for your particular MUA, most are listed here. My own experience is with Thunderbird and Enigmail currently. I’ll be getting to Microsoft Outlook and one of the plugins for it in the coming weeks. Otherwise, feel free to submit your own setup instructions and screen shots for your particular MUA in the comments for inclusion in an updated security how to. To begin with, after you have GnuPG and Enigmail installed, you first need to generate your first key pair.

Identifying Yourself And Securing That Identity

So we’ve got GnuPG command line client installed. Maybe we even installed the GnuPG Shell to go with it. We have Thunderbird ready with the Enigmail plugin. Where do we go from here? Notice: All instructions are for Thunderbird 3.0 and Enigmail on Windows XP SP3. Your mileage may vary. Instructions for other clients and on other OSes will be addressed in a future web site feature combining this series into one document.

First lets open up Enigmail from the menu in Thunderbird. The menu entry will read OpenPGP and can be reached with alt+n or the mouse.

Next we want to select the Key Management option.

Now, if you haven’t received any email that was PGP signed to verify, your key management window will be empty. We will fix that by selecting the the “Generate” menu option, selecting “New Key Pair” from the drop down.

For most users the default, basic options will suffice. Follow the resulting instructions (doing lots of disk intensive operations during key generation is not only recommended, it should be mandatory). Put in a passphrase (not using one really defeats the purpose of securing your identity in email communications. If you have more then one email account setup in Thunderbird, you can generate a separate key pair for each account. Just keep your pass phrases secure, if you forget it you won’t be able to use the key you just created! For more advanced users, click on the advanced tab for some more options.

As you can see, you can select the key size (bigger is always better in this case, although it is also slower) as well as the algorithm to be used (I suggest researching on your own the differences between the two different options, although I will go into a discussion about them sometime in the coming weeks). Once you have your pass phrase typed in (twice), you’ve checked the option to have the key used with the identity selected, click generate and start doing as many disk intensive operations as you can. Open and close large programs as much as you can (without making the system unstable, of course). Open and close large files. Do everything you can to help add to the randomness of the key generation. The more random data that can be collected during key creation the better off the key will be.

When you’re done with that, your key management window will have your new key listed. You still have one more step to go, though, before you’ll be fully ready to use your key (and let other people verify it). You need to upload your key to a key server.

You’ll just need to highlight (select) your key, and then select the upload key to public server option.

Once your key is uploaded, you are now ready to sign your email, letting people around the world (who use PGP/OpenPGP/GnuPG) know you are who you say you are. Of course there is the issue of verification. It gets harder, though, the less you know a person. Ideally the best way to verify you are who you say you are is to not only exchange keys in person, but to sign each others keys in person as well. That is the only 100% way to achieve verification of the other person. With less reliable methods, you can only at best be marginally sure that you are talking to who you think you are talking with.

Two rules of thumb to remember when using GPG (or any other public/private key pair identity system):

1. Never, ever share your pass phrase with anyone.
2. Never, ever lose track of your private key. Without it your public key is useless.

There is tons of documentation out there for the use of Enigmail and GnuPG, especially on their respective sites. If you are new to using either of them, I highly recommend reading up on the documentation. In a world where personal security and identity protection is essential, you can never have too much information on the tools you are using.

Providing Yourself Anonymity: Anonymous Proxy Relay – Tor Settings

The next step in providing yourself with privacy is setting up Thunderbird 3 (as with GnuPG, other clients/platforms will be included when all this gets combined onto a static website) to use Tor for anonymous proxy relay. You will most likely also have to adjust time-outs accordingly (which will be discussed here).

The settings will be just like for Firefox. The reason for the connection time out change is because it can sometimes take longer then normal to establish a circuit to and from your mail server (if you are running a local mail server, this might not apply, see your mail server’s documentation for passing it through a proxy once it’s outside your local network if you wish for this additional layer of privacy).

This takes care of your proxy settings. If you connect to any mail server over an unsecured connection (port 110), Tor will warn you about this potential security hazard. If you absolutely cannot use SSL or TLS with that server, all you can do is ignore it, but this means that anyone who intercepts your packets to the entry router or from the exit router will be able to read your login and password details.

To adjust your proxy timeout settings in Thunderbird, you will need to hit ok on the connection settings and open the config manager. Take heed of the warning! If you are not entirely comfortable messing with these settings, I recommend that you find a trusted friend who is and ask them to do this for you. I make no guarantees about the continued stability of Thunderbird if you mess with any of the settings past what I’m showing.

From here we want to search for timeout settings.

I use 1800 seconds (yes, that is measured in seconds) because it provides a sufficiently long enough time for a circuit to be created. I’ve had great success with those settings. If you use Thunderbird for NNTP, set the mailnews.tcptimeout to 1800 seconds as well.

You might have some issues with RSS polling if you use Thunderbird as your news reader as well. I highly recommend moving to a stand along application for reading your news feeds.

That about covers securing your privacy and identity within Thunderbird. I’ll have one more article concerning encryption of your IMs in the coming weeks as well as everything else I’ve mentioned. That will be my last article in this series before I move everything to a static website.

If any of these articles have helped you, please leave a comment. Also please leave a comment if you have suggestions or updates or corrections to anything I’ve posted.

Technorati Tags: technology, computers, email, security

Well, according to Slashdot, Spam will be 30 years old on 2 May 2008. Why is this post worthy in my blog? Because it’s only 17 days before I was born. What’s hilarious is that someone actually took the time to type in 393 email addresses to send that piece of electronic mail.

Who knew that they had spawned a whole new industry while at the same time instantly giving themselves carpel tunnel syndrome.

Technorati Tags: technology, email, spam, news

New York Times writer N. R. Kleinfield talks about the fatigue from Sept 11 ceremonies in in this well written piece.

It seems as if there are two groups of people growing up around the debate on whether or not commemorations should continue. Most people on either side are actually cognizant and caring of the feelings of the feelings of the people on the other side of the debate, although there are a few who, after six years of ceremonies and remembering, are fed up with the media circus every year and would just like to get on (mostly people who didn’t have family members die in the incident, but there are some folks who did have a friend or relative die) and the others who would like to see it go on ad infinitum.

Personally, I’d like to see it end. It’s nothing more now then a public spectacle and some good points were raised in the article. How many people throw a big ceremony to commemorate December 7, 1941? What about June 15, 1904? Anyone remember Nov. 22, 1963? How about April 19, 1995? How about April 20, 1999?

Yes, September 11, 2001 was horrific. It will have a lasting impact on our society, but the public commemorations need to end. If you wish to remember on you’re own, I cannot and will not stop you. But don’t ask the rest of us to not turn on the TV or turn a blind eye to the media circus. It’s our world too, you’ve had six years to mourn in public the passing of 2,974 lives. 2,191 days past the original date. When is enough enough? I hope those who died are resting in peace, now. I really do, but the rest of us are still alive and I find it a fitting tribute to their sacrifice that we continue on with the business of living.

In another NYT article, Davide Rohde gives us an update on Afghanistan. If this is the vision of things to come in Iraq, no matter what we do or try to help them, I don’t see any point, politically or morally, to remain in Iraq. We never had an ethical reason to be there in the first place, after all, so why should we risk the lives of our soldiers for their freedom. If they want it bad enough, they’ll fight back against the insurgents on their own, just like if the Afghani’s want freedom like we had it, they’ll fight back against the Taliban. We cannot change the mindset of a people just because we come over and say they have to. Change, especially changes in the one way lives and believes, takes a very long time. Some people never make that change. To call them wrong or evil because they cannot make that change is wrong and evil on our part. We have no business imposing our morals on them. After all, our morals have given us the likes of the current Bush, former US AG Alberto Gonzales, the USA PATRIOT Acts, the Jose Padilla case (a case which he lost, unfortunately) and other horrific wounds that have been inflicted on a document we’re taught to love as kids and hate as adults (I only assume that collectively we hate the Constitution as we continue to rape it, to slash it’s throat and rip out it’s still beating heart day in and day out). Some people would rather us have a more totalitarian form of government. Others, despite the teachings of Christ, would like to make the US God’s kingdom on Earth and turn it into a theocracy. Personally I’d like to give the Constitution a chance again, and I’m willing to do whatever that takes.

The Seattle Post-Intelligencer has a report by Bryan Brumley of the Associated Press about how a Canadian firm by the name of Finavera is deploying buoys off the coast of Oregon to determine the efficacy of wave energy as a renewable resource. According to the article, OSU is planning to deploy their own boy late this month to conduct a similar test. While this does have the promise of being a source of renewable energy, has anyone actually thought how this might affect the tides and currents? After all, we are taking the energy of the waves and transferring some of that into electricity. It seems to my untrained eye that this would reduce the strength of tides, and aside from giving beaches a new lease on life, it could have other potentially more harmful side-effects. I’d really like to see the research into the side effects of wave energy as a source of electricity before we begin running any large scale tests, or even large scale deployments. Finavera seems to think that buoys similar to Aquabuoy 2 could provide North America (the U.S. and Canada) with 5-10 percent of it’s electricity if successful. That’s quite a staggering amount considering all the electricity we gobble up each year. If these buoys and energy transfer stations (that’s basically what you’re doing here, is transferring energy in one form from one device (kinetic, waves) to another form in another device (electric, buoys or whatever form this technology takes), what sort of affect will this have on our currents, and from there our climate? Will we make it hotter or colder? Will it cause more or less rain over land? What about hurricanes and typhoons? Do the statistical models being used answer these questions or are they just developing the technology with no regard for the weather patterns these waves and currents help produce and move around the globe?

According to this Mercury News report I found at this article on Slashdot, German legislatures want to make it legal for the government of Germany to send trojan’s to terrorists. God help us all from the fallout on that one if and when they start making sweeping claims like the RIAA and MPAA does.

This Slashdot article tells of how a site, called Wikileaks, a Wiki for whistle blowers (now there is an idea I like), broke the world’s largest corruption story in the international press. That’s how we’re going to end up if we aren’t careful. Politico’s wanting to stay in power do anything and everything to ensure that they remain in power. It’s already happening, folks. I’m sure most people who read this blog know at least by definition what gerrymandering is.

In other news, Republican Blogger Bill Hobbs just got hired by the TRP to serve as their communications director. As much as I dislike the GOP, I think they couldn’t have made a better choice. Even though Mr. Hobbs and I disagree what it is that America needs and what needs to be fixed, this gentleman is extremely well qualified. Congratulations, Mr. Hobbs. Know that I’ll keep reading your blog as I find your well written posts refreshing and often times insightful. Even Stacey Campfield has picked up on the news, noting he joins Kara Watkins as one of the bloggers hired by the GOP. Stacey serves as a representative for a part of Knox County in the TN Legislature (I think it’s part of Knox County, I’m not sure how the district lines are drawn for state offices).

Another favorite blogger of mine, Say Uncle, is honored to be considered part of the so-called Triangle of Death

From a new blog I found, called The Best Article of the Day, I found a short story from Isaac Asimov that is just freaking awesome. Here is the post, I hope you enjoy reading the story as much as I did. Truly a brilliant piece of literature.

Over at Townhall.com, some of their bloggers recount the TX straw poll and note, incessantly, how Ron Paul came in a distant third (posts are here, here, and here). So OK, he came in a distant third, but his official and unofficial campaigns are probably the biggest, most vocal campaigns in all the nation at the moment. With his grassroots supporters having organized on their own, all over the nation, I think he has a much better chance of winning the election due to the vigorousness of his supporters, a vigor that promises to be unceasing until election day if he gets the nod. I already know I’ll vote for Ron Paul over whomever the LP gives the nod to if he’s on the ballot.

Technorati Tags: news, government, technology, email, science, politics

Welcome NBC – Rmail Blog

In the above link, we learn that tiny RSS-to-Email service RMail was bought by NBC for an undisclosed sum. I first found out about this from an RMail update on Roger Cadenhead’s blog, Workbench in this post.

While I am happy for Randy, as this was a good business move (as well as project move) for him, I so distrust huge companies like NBC that I’ve decided to stop using the service. I don’t want to one day open up my email to updates littered with banner ads. I used RMail because it was a simple way of monitoring the blogs I like to read without having to launch Sage from within Firefox and having the updates in nice, digestible chunks.

So here’s my salute to you, Randy. Congratulations on making a big splash in the world.

Now if only TechRepublic or even freakin’ Slashdot would pick up on this story.

Technorati Tags: money, news, technology, email, web, ads, rss