Mark
--
Mark Krenz
Bloomington Linux Users Group
http://www.bloomingtonlinux.org/
_______________________________________________
BLUG mailing list
BLUG@linuxfan.com
http://mailman.cs.indiana.edu/mailman/listinfo/blug
I'm not surprised. Have you been following the law suit?
Microsoft was fined by the EU for not allowing reasonable access to
documentation for interoperability. Then once MS created a program for
interoperability, they were fined for making it too expensive.
Of course, in this country MS can spin it however they like...
(Thanks for the congrats!)
Cheers,
Steven
_______________________________________________
BLUG mailing list
BLUG@linuxfan.com
http://mailman.cs.indiana.edu/mailman/listinfo/blug
Kevin Ratcliff wrote:
> Just kidding, of course. In many cases an employer has a right to
> monitor employee emails, at least according to articles I've read. I
> wonder what happens if the employer wants to read an email that an
> employee has sent using GPG (using the employers email server). If the
> employee refuses to provide the passphrase (or just decrypt the
> content) for the employer upon request, what happens? Could they
> terminate the employee? I have not idea how this might work.
>
Most people are at-will employees. This means that there employers can
fire them at any time for any reason (or no reason at all) except for a
small list of things protected by Federal Law. Thus, an employer can
fire a black employee because he does not like him, but not because he
is black. This makes for interesting jury trials. Most employers have
the good sense not to use their full powers under the law, because doing
so would upset the remaining employees. Companies where most employees
are upset tend to do poorly in the long run.
> I've read some articles about law enforcement forcing people to
> disclose passphases for encrypted content or face jail time. I find
> that scary, not becasue I'm hiding something, just because it seems
> like a privacy violation.
>
>
If you were paying attention when Starr was using the full power of his
office to try and cause Clinton trouble, you saw some cases somewhat
like this, except that it did not involve encryption. In the US you can
be forced to testify about most matters unless it runs afoul of the 5th
amendment. The courts have ruled that if you are offered immunity then
the 5th amendment does not apply. (I think this even applies with offers
of very limited immunity, but check with your attorney if it is
important to you.) The charge that will keep you in jail is contempt of
court. The good news is that they can keep you there only while the case
you want to testify in is active.
A woman who was suppose to know about Clinton's finances spent several
years in jail while Starr was investigating Clinton. According to her
side of the story, Starr wanted her to testify in a particular way. She
said that if she told the truth, Starr would prosecute her for perjury.
I don't know what was the truth in that particular case, put I do know
that I would be worried if Starr wanted to make my life difficult.
_______________________________________________
BLUG mailing list
BLUG@linuxfan.com
http://mailman.cs.indiana.edu/mailman/listinfo/blug
Postcards? Letters? Mail? Does anybody do that any more? You mean I
have to pay per envelope and it can take days to get to the
destination? Why would anybody want that?
Just kidding, of course. In many cases an employer has a right to
monitor employee emails, at least according to articles I've read. I
wonder what happens if the employer wants to read an email that an
employee has sent using GPG (using the employers email server). If the
employee refuses to provide the passphrase (or just decrypt the
content) for the employer upon request, what happens? Could they
terminate the employee? I have not idea how this might work.
I've read some articles about law enforcement forcing people to
disclose passphases for encrypted content or face jail time. I find
that scary, not becasue I'm hiding something, just because it seems
like a privacy violation.
Very interesting topic indeed!
> * To get the most out of encryption, you have to use it all the time.
> If only use encryption for "sensitive" emails, then you've suddenly
> indicated that (1) you have sensitive emails, and (2) these specific
> emails contain all of the sensitive information.
Very true. I suppose it depends on the type of "sensitive" material
being sent. On my personal account I don't think I've ever sent an
encrypted message that would cause any really serious problems if
someone knew it was sensitive and even manged to decrypt the content.
I might get very upset that someone had accessed my "private" mail,
but that's about all that would happen.
At work we have a different method of secure file transfer when
encrypted email is not an option. In general I don't send anything via
my work email that I wouldn't want read by my supervisor or even the
general public. Working for a .edu I know there may be public record
laws that may affect my messages, but I'm unclear exactly how those
laws are applied, so I tend to err on the side of caution.
There are a couple of issues I have with encryption for *every* message:
* I only correspond with regularly with about 5 people who actually
have or use GPG keys. Getting everyone I communicate with via email to
use encryption for every message is not likely to happen in my
lifetime.
* reading messages on mobile devices really isn't an option if they're
GPG encrypted, at least not that I'm aware of. The sensitive messages
shouldn't be read on a mobile device anyway, but I like to be able to
read non-sensitive stuff on the go. Again, in my case disclosure of my
routine email messages wouldn't be the end of the world. For others
this could very well be different depending on the type of "sensitive"
messages.
I am definitely not saying that encrypting every message is
impossible, just that for me I personally don't have anything I send
over email I view as critical enough to justify the extra effort
involved in this.
Of course I still want to learn more about GPG and encryption in general.
Barry mentioned Pidgin in one of his messages. I use Psi on Windows as
my Jabber client, and it integrates with GPG for IM encryption. Just
an FYI in case anyone is interested. I'm not sure if there are other
Windows IM clients that do this or not.
One more GPG related item and then I'll get back to work: I have an
Aladdin eToken, which is a small USB smart card that functions as a
card reader too. Private keys are generated on the device and can't be
exported or otherwise leave the device. I bought it mostly to play
with and learn about smart cards and two-factor authentication. It'll
authenticate with Active Directory if the AD environment is set up
just right with a certificate authority. What I really want to do now
though is generate a private key on it and use it with GPG on Windows.
I gave up after trying, though I don't recall the technical reason
that I couldn't get it to work. PGP's paid version does this, I think
with the same model eToken. I did manage to get an SSH private key
generated on the token and use it with Putty on Windows and also with
the openssh client on linux. Not that I need the added security for
anything, it's just fun to try it.
Sorry for the long-winded message. I'm not trying to start an
encryption argument (especially as the "new guy"), just presenting my
views based on my very limited knowledge of the topic. I'm fine with
continuing the encryption discussion on the mailing list if people
want to or just waiting until the meeting if that's preferred.
I hope to attend a few BLUG meetings in the near future!
Kevin
_______________________________________________
BLUG mailing list
BLUG@linuxfan.com
http://mailman.cs.indiana.edu/mailman/listinfo/blug
Now I can see why the Wine team released 1.0. It runs so much its hard
to believe. It seems magical to run all this Windows software in Linux.
8 years ago I thought that it was somewhat crazy to try to implement a
windows subsystem for Linux, but now its easy to see that the time was
well worth it. Nearly any program that I've tried to run in Wine works
pretty well. Many things run completely. Its amazing. I'm running Wine
1.1.1 on Ubuntu. I've had to copy a few DLLs over from Windows, but
only about 10 of them. Some programs work best if you enclose them
inside Wine's virtual desktop emulator. This is helpful for Games to if
you don't want them to be full screen.
Right now I'm running the demo version of this music production
software called Fruity Loops (version 8) in it. It runs really well
too. Fruity loops is the program that I used 8 years ago to write I
Can't Print (http://suso.suso.org/aural/icantprint.mp3)
http://www.bloomingtonlinux.org/wiki/Image:Fruityloops3.jpg
--
Mark Krenz
Bloomington Linux Users Group
http://www.bloomingtonlinux.org/
_______________________________________________
BLUG mailing list
BLUG@linuxfan.com
http://mailman.cs.indiana.edu/mailman/listinfo/blug
I will admit, though, I was surprised and impressed that MS opened up a
crapload of whitepapers/documentaton:
http://www.microsoft.com/interop/
http://www.microsoft.com/presspass/press/2008/apr08/04-08ProtocolPR.mspx
Now, we will see where that ACTUALLY takes us.
Steven, congrats on the kid and welcome to the club!
Steven Black wrote:
> On Fri, Jul 18, 2008 at 08:45:16AM -0400, Barry Schatz wrote:
>> I use Windows at work, as my company is a Microsoft shop. I use Firefox,
>> Thunderbird and Pidgin instead of the MS equivalents. My boss tolerates
>> my love of Free software, but never misses a chance to tease me about
>> Linux and how "they missed their chance" or whatever.
>
> I once worked for a company called Be, Inc. They had a really great
> operating system. More than that, it was POSIX enough your command-line
> apps compiled easily, and easy/pretty enough it was fun to use. This was
> back before GNOME or KDE caught on, when Linux was genuinely ugly to
> look at most of the time.
>
> We had a product that was going to ship on devices. We had the
> deals, we had dates. Microsoft violated NDAs and threatened hardware
> manufacturers. They stopped the product from shipping. They killed BeOS.
> Of course, as the shareholders wanted money more than actually proving
> monopolistic practices, the issue was settled out of court.
>
> Microsoft competitors rarely "miss" chances. Typically it is just MS not
> playing by the same rules as the competition. Linux has done quite well
> for itself, considering who they are competing against.
>
> Cheers,
> Steven Black
>
> _______________________________________________
> BLUG mailing list
> BLUG@linuxfan.com
> http://mailman.cs.indiana.edu/mailman/listinfo/blug
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFIgLofup357T5MfTYRAh/2AKDRKYSAkBXqjt3L3WIwrTE54iasOwCgiCkL
uWj0Xjlz6ZYh1YJ1PHyNMHI=
=aqDv
-----END PGP SIGNATURE-----
_______________________________________________
BLUG mailing list
BLUG@linuxfan.com
http://mailman.cs.indiana.edu/mailman/listinfo/blug
FireGPG allows you to type of text, then encrypt it right in the
webform. It is a nice idea, but...
By the very nature of the product, it can't set the headers right to
indicate that it is actually encrypted. This causes mailers with good
GPG/PGP support (like Mutt) to fail to recognize that it is GPG encoded
without special hacks which sniff the body of the mail message.
It is a solution if you're trapped in webforms and don't have access
to decent mail applications with good GPG support. It isn't a good
solution, though. It actually can make things much more of a pain in the
ass for people who do use mail apps with good GPG support.
(Yes, I use mutt. I can respond to Outlook events, but managing them is
up to me.)
Cheers,
Steven Black
_______________________________________________
BLUG mailing list
BLUG@linuxfan.com
http://mailman.cs.indiana.edu/mailman/listinfo/blug
