Sparks' Linux Journal

What happens when pirates play a game development simulator and then go bankrupt because of piracy?

Eric — Tue, 30 Apr 2013 13:32:55 +0000

I really enjoyed reading this article and am passing it along for your enjoyment:

http://www.greenheartgames.com/2013/04/29/what-happens-when-pirates-play-a-game-development-simulator-and-then-go-bankrupt-because-of-piracy/

Greater Security with Two Step Authentication

Eric — Sat, 06 Apr 2013 01:50:19 +0000

Reblogged from WordPress.com News:

We know your blog is important to you, and today we're proud to announce Two Step Authentication: an optional new feature to help you keep your WordPress.com account secure. For those of you who use Two Step Authentication with your Google account, you'll know how useful this feature is for keeping your account secure.

Two Step Authentication works like this: when you log in to your WordPress.com account, we'll prompt you to enter a secret number.

Poll: Do you do code review?

Eric — Wed, 03 Apr 2013 01:40:26 +0000

Creating temporary files securely

Eric — Tue, 02 Apr 2013 19:15:04 +0000

Reblogged from Kurt Seifried:

Creating temporary files is a common use case in virtually every program. Virtually every programming language has a simple and secure way to create temporary files. Sadly many programmers fail to use them, creating security vulnerabilities in their applications. So in alphabetical order here is a list of programming languages and how to create a temporary file securely. If I'm wrong, please let me know.

Encrypting SMS messages and phone calls on Android

Eric — Thu, 21 Mar 2013 13:00:30 +0000

Much of our daily lives are contained within our smartphones and computers. Email, text messages, and phone calls all contain bits and pieces of information that, in the wrong hands, could harm our privacy. Unfortunately many people either don’t understand how vulnerable their data is when sent across the Internet (or another commercial circuit) or just don’t care. While I don’t have much to say for the crowd in the latter category (can’t fix stupid) I do try to help people in the prior category understand that any network outside of their control is fair game for pilfering and that basic protections need to be taken to protect themselves. While I’m not going to dig into how data can be intercepted (there are plenty of articles out there on the subject) I would like to talk about how one can use tools to protect their data when using an Android smartphone.

Until recently email was the only easily-encrypted mode of communication. Most people didn’t have the means of encrypting their phone conversations and certainly not their SMS messages (unless you happen to be using a SME-PED, but those things are terrible in other ways). Now, Whisper Systems have released two open source programs that allow you to protect your communications. The first is called “RedPhone”. This program encrypts your phone conversations and allows you to converse securely. The second program is called “TextSecure” and encrypts text messages using authenticated, asymmetrical encryption.

I like the way TextSecure manages keys and allows you to verify the user’s key directly so you can establish trust. RedPhone appears to use the trust in the phone number for authentication. RedPhone also provides encryption opportunities when the distant party also has RedPhone on their device which is a nice feature that I wish TextSecure also provided. Both of these programs are very easy to use and need very little configuration.

TextSecure also provides an encrypted container for all your text messages so that your text messages are secure if the attacker has physical access to the device.

And OpenPGP is still a great option for protecting your email communications but that is a topic for later.

Port scanning /0 using insecure embedded devices

Eric — Wed, 20 Mar 2013 14:22:12 +0000

Someone sent me a link to the Port scanning /0 using insecure embedded devices article that was recently published. Describing the Carna Botnet, this project aimed to prove (or disprove) the hypothesis that there were one hundred thousand open systems on the Internet in which to make a botnet. I choose to use the word “open” and not “vulnerable” because we aren’t talking about systems that have some sort of unpatched bug that allows access. This researcher only used unsecure telnet sessions to create his botnet.

Because this was for research, no long lasting effects were created by the deployed software but that isn’t to say that other software couldn’t be introduced in a similar manner as was discovered during the experiment. It is believed that most of these open systems are appliances (printers, network devices, etc) which could yield other interesting developments if the software was malicious. This is a good read with lots of data provided inside the article. A good read for anyone interested in information security.

create-tx-configuration

Eric — Tue, 19 Mar 2013 20:00:16 +0000

Last week while publishing a new guide I ran into a problem creating the Transifex client configuration file (.tx/config). The configuration file is generally a hateful file that requires a lot of manual manipulation to add in all the POT files for translation. This file exponentially increases the hatefulness as the number of POT files increase or the complexity of where these POT files increases. In summary, I hate to create these POT files. It seems I always end up screwing it up somehow and the Transifex client isn’t real great about telling you why it failed (it just fails in a non-obvious manner).

I started putting together some bash script to write the thing for me until I realized that the script was going to become unwieldy quite quickly. Luckily I have a boss who doesn’t mind poking me into learning a new trick. This new trick came in the form of Python. Realize that the last formal programming class came in the form of a Java class nearly ten years ago. Since then I try not to touch the stuff. But now I have a purpose… a need… a problem in search of a solution… and an excuse to start to learn Python.

So my creation is called create-tx-configuration. This simple program will read the pot/ directory for .pot files and create the .tx/config file for Transifex to use. While there was a way to have the Transifex client make the config file the process wasn’t easy nor did it work in all cases.

If you have a need to create Transifex config files please checkout create-tx-configuration and, as always, I appreciate feedback.

Privacy Upgrade: Encrypted Internet browsing

Eric — Thu, 14 Mar 2013 13:00:02 +0000

Many websites have both the traditional, unencrypted HTTP and the SSL or TLS-encrypted HTTPS addresses available to access their content. Wikipedia is one good example of this functionality. You can easily view Wikipedia using traditional HTTP protocol but if you wanted or needed a little more privacy the HTTPS address is available as well. Unfortunately it is sometimes hard to know if a website has the encrypted feature or not unless you try. And you might be in a hurry and forget to use the HTTPS version and then you’ve potentially sent sensitive information about yourself out onto the Internet unexpectedly.

There is an easier way, however, to use HTTPS whenever possible. The Electronic Freedom Foundation (EFF) has released a plug-in for Firefox and Chrome that knows of almost all of the commonly used websites that are available over HTTPS and will dynamically redirect your web browser to use that encrypted channel without you having to remember. The plug-in, known as HTTPS Everywhere, will convert any web address from HTTP to HTTPS whenever it knows that HTTPS is available.

Why is it important to encrypt your traffic whenever possible? Well, simply you never know who might be listening to your connection. If you are living in a country dominated by an oppressive government then your liberty or even your life might dictate that you need to obtain your information via encrypted means. Other people might be more concerned with their private browsing getting into the hands of a corporation to be sold to the highest bidder to get more information on you into their files. Others are just concerned with their privacy in general. Whatever the reason it’s a good idea to use encryption whenever possible.

It should be noted that HTTPS Everywhere doesn’t automatically encrypt all websites and users should still verify that the lock is showing in the browser address bar and that the certificate matches the site in which they are visiting. That said, using encryption makes your Internet browsing safer and this tool makes it easier.

The Security Benefits of RPM Packaging

Eric — Wed, 13 Mar 2013 13:43:18 +0000

Reblogged from Red Hat Security:

RPM Package Manager (RPM) was created to deliver software to workstations and servers. Besides being an efficient software delivery mechanism, RPM also provides security features that assist system administrators with managing their software and trusting the code that is going into their infrastructure.

What is an RPM?

RPM is a package management system that bundles software source code or binaries together for easy installation on a computer.

Git access from within vim

Eric — Tue, 12 Mar 2013 23:04:37 +0000

Today a line was crossed. I’m not sure if it was the insanity of spending all day writing nine lines of Python (I am not a developer… I am not a developer… I am not a developer.) or what, but I really wanted to do git commands from within vim (my editor of choice). A quick search turned up the properly-named git-vim. The program does just what I want it to: be able to ‘git add’, ‘git commit’, and ‘git push’ all while never leaving vim. It also does other things but these are the basics that I want. If you want this functionality I recommend git-vim.