GriffJon.com = Journal : January '03

January 02: Timelines and Resolutions

So, it's New Years yet again. Last New Years, I had FREE written across my forehead as I headed out with the last load from my apartment, preparing for my new life. Now, I'm in Jamaica, after six dream-like months in Venezuela. I still miss Venezuela (and feel for it, as it's in a pretty dark period in these days). Naturally, I miss R dearly, still. Nevertheless, I'm well settled in Jamaica, (yeah, it's a tough life, huh?) and doing fine here.

So, I saw this poll and thought it was pretty good for the New Years. I'm modifying it slightly, to give more emphasis on my resolutions.

5 years ago (Jan 1998)

-I was a Junior in college
-I didn't know how to dance
-I hadn't begun thinking of my thesis
-I hadn't had a serious relationship
-I'd never supported myself, financially, or travelled by myself abroad.

2 years ago (Jan 2001)

-I worked a normal (kinda), well-paying job
-I was paying all my own bills
-I broke my toe during New Years celebrations
-I had high blood pressure

1 year ago (Jan 2002)

-I was unemployed, and very happy about it
-I was without medical insurance, renters insurance, etc.
-I had tickets in hand to fly to Caracas, Venezuela

6 months ago (July 2002)

-I had just gotten back from Venezuela and was desperately repacking for Jamaica
-I'd just broken up with R, and was missing her terribly

Last Week (December 23-30, 2002)

-I gave a taxi driver directions in Kingston, 'cuz I knew the area and he didn't
-I distributed hot lunch and toys to inner city Kingston with someone I'd met online (only) previously who visited me for XMas.
-I got a tan

Yesterday (December 30, 2002)

-I walked through a shantytown in Port Royal to find a boatman to take us out to Lime Cay.
-I got a long email from R. Damnit, I still miss her terribly.

This Next Year (2k3)

Looking at my private list of goals I had for Jamaica, I'm kinda running low. I'd like to get better with the Patois, better at dancehall moves, and continue getting more self-confident. Jamaica hasn't been good to me, physically, like Venezuela was, and I need to take it upon myself to walk more and eat better, so I can continue my trend. On a more personal note, I'd like to hammer out


Stats:
Mood: Hopeful
For dinner: Potato soup


January 16: An Examined Life Worth Living (Privacy, and a bonus lesson in Crypto)

Sometimes, I get really tired of living such an exposed and analyzed (by self and others) life. The value of the journal still outweighs this annoyance -- there's nothing like going back and reading my life for a good quick ego-boost. Still. My journals get enough visitors who are no longer just random people, or friends I don't see often, but people I see every day, and people I date...

This leads to some amount of self-censorship that I didn't used to have (especially as these people are increasingly reading it often, so I don't even have the advantage of things being long washed past under the bridge before those involved read up). Mind you, this is not so much a complaint, in one way it's really cool, but it is a complication I didn't use to have.

This of course has led me to keeping a more traditional diary (geek-level) on my laptop that's encrypted (PGP 4096). (OK, honestly, it's just (dramatically) increased the frequency I update this private journal). I would post (some of) these to my website with some additional keys tacked on to relevant entries for others to read, but of the people who'd be the recipients of such entries, only one of them has a key of which I'm aware.

I'd like to take this moment to remind people of my beer-for-PGP offer. Buy me a few beers and I'll show you how to use PGP. As it is, I'll just email you detailed instructions and you can pick up the tab next time we're beering it up, whenever that might be.

Ooh. Even better. I'll put you all in beer-karma debt by posting the instructions right here! Hah!

How to protect your privacy, and more importantly, mine!

"Encryption...is a powerful defensive weapon for free people. It offers a technical guarantee of privacy, regardless of who is running the government... It's hard to think of a more powerful, less dangerous tool for liberty." --Esther Dyson

Intro

You see, encryption (crypto) isn't just about protecting your personal privacy, though it can certainly do that. It's really about being polite to your friends and buddies, who might want to tell you something private, but can't. Understand that email is NOT SECURE. It bounces around on the Internet until it finds a computer that knows where it wants to go (of course, in modern times, this is usually the first server it gets to). Nevertheless, anyone on your network (in a workgroupish network), or who works at your ISP, or who works at the recipient's ISP, or who is on the network of your recipient's computer, can read your email if they want to. It's really Not That Hard. You can download a program called a packet sniffer (Ethereal is particularly good) that will watch every piece of data that moseys through the above networks and read it. Email is plain text. Not encrypted. Not secure. (I should note that packet sniffers are not evil. They're excellent tools, especially in tracking down suspicious or malevolent activity on a network). The same, by the way, goes for websites you surf. Nothing about those are hidden unless you're using SSL (the lock lights up at the bottom of the browser screen), and even then the URL is visible. Yet another good reason not to surf porn at work.

How it works

So, crypto protects the content of your messages. Of course, the address of the recipient and the subject are still visible in most systems, so. It also protects the content of people using encryption to send stuff to you -- but to enable that, you have to set up encryption on your end.

It's like (on one side) a dropbox. Anyone can slip a piece of mail into it, but only you have the key to open it. This is 'public key encryption' (asymmetric), which has key sizes that range (generally) from 1024 to 4096 bits. The current recommended size is 2048. SSL keys are generally 128 bit (approx. equivalent to 1024 bit), because they're using what's called private key (symmetric) encryption.

Anyway. Public key stuff first. Asymmetric encryption consists of two keys -- a public key (hence the name) and a private key. You can give the public key out to everyone -- it's the address for the dropbox, in our analogy. People can use it to encrypt a message so that only you can read it. Your private key is secret, and you should generally keep it secure (hardcore cryptologists would argue that if you protect it with a sufficiently secure password, you could let it be posted to the Internet, but even I don't generally create passwords that secure). You do have to password-protect this key, and most people wisely use a passphrase -- i.e., instead of just a short word like you'd normally use, they type in a whole sentence, preferably with a mix of capital letters, numbers, and punctuation included. The longer the better.

(Geek departure: the average letter in the English language has an entropy of about 2 bits. Passwords are symmetric encryption, so if you have a 1024bit key (roughly equivalent to 128bit symmetric), a password with less than 128 bits of entropy is reducing the security of the system. Mix in enough non-lower-case-characters, and you increase the entropy to about 3 bits per character. There are symmetric/asymmetric equivalencies posted online (google!), so if you're appropriately paranoid, you should find what the recommended password length for your key size really is.)

(Return from geek departure to quick sidenote. See the movie Swordfish? Remember the scenes where the hacker hero had to get through crazy-sounding encryption, and did it? Remember how they explained it? "Logic bombs", "virii", "password sniffers", etc.? None of those broke the encryption, they broke the implementation, the surrounding programming. Crypto is rock solid (for now; there are always new developments that reduce its security, and new discoveries that make better ways to encrypt). It's never the thing that breaks -- it's always, always (ok, almost) easier to break the system (passwords being the most common).)

Ooh, wait. Passwords. Quick password tips: DO NOT USE BIRTHDAYS, NAMES, PET NAMES, OR FAMILY NAMES. Or any of those backwards. Don't write the password down on a post-it and stick it to your monitor, or under your keyboard, or in the top drawer, etc.

OK. Back to crypto. Sorry. So, you make your public/private key pair. There are directories online that will hold your public key. Other people can 'sign' your key once they are sure that it is you who posted the key, to let others know that this is your key, and not someone trying to impersonate you. You can sign other people's keys as well, but should make sure it's their key really before doing so.

Modern crypto programs actually do something really really cool such that you can encrypt a message to multiple recipients without having to re-encrypt the same message a bazillion times, but let's leave that at hand-waving.

Symmetric key is actually cool and simple, and faster. It's just hard to securely transmit the secret key (it rapidly becomes a chicken-and-egg problem, which is why public key encryption is so popular, and often used in conjunction). It's like having a safety deposit box at the bank, such that anyone with the key can add or take out (read or write) stuff into the box, but it's highly secure from anyone without the key.
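What the hand-waved multi-recipient trick looks like, as an added example that is not from the original journal entry or from PGP's own code: the body is encrypted once with a random symmetric session key, and only that small key is wrapped separately for each recipient's public key. The toy Diffie-Hellman-style wrapping modulo 2**521 - 1, the SHA-256 keystream, and all function names are assumptions chosen so it runs on the Python standard library alone; use PGP or GPG for real mail.

```python
import hashlib, hmac, secrets

# Toy public-key group (assumption, illustration only): arithmetic modulo the
# Mersenne prime 2**521 - 1. Real tools use vetted RSA/ECC implementations.
P, G = 2**521 - 1, 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2      # private key: keep secret
    return priv, pow(G, priv, P)             # public key: hand out freely

def _kdf(label, secret):
    return hashlib.sha256(label + secret).digest()

def _stream_xor(key, data):
    # SHA-256 in counter mode as a keystream; stand-in for a real symmetric cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def _wrap_key(their_pub, my_priv):
    # Diffie-Hellman shared secret turned into a key-encryption key.
    return _kdf(b"wrap", pow(their_pub, my_priv, P).to_bytes(66, "big"))

def encrypt(message, recipients):
    """Encrypt the body once; wrap the 32-byte session key per recipient."""
    session = secrets.token_bytes(32)
    body = _stream_xor(_kdf(b"enc", session), message)
    tag = hmac.new(_kdf(b"mac", session), body, hashlib.sha256).digest()
    slots = {}
    for name, pub in recipients.items():
        eph_priv, eph_pub = keypair()        # fresh one-time key per slot
        slots[name] = (eph_pub, _stream_xor(_wrap_key(pub, eph_priv), session))
    return {"body": body, "tag": tag, "slots": slots}

def decrypt(envelope, name, priv):
    eph_pub, wrapped = envelope["slots"][name]
    session = _stream_xor(_wrap_key(eph_pub, priv), wrapped)
    want = hmac.new(_kdf(b"mac", session), envelope["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(want, envelope["tag"]):
        raise ValueError("wrong private key, or the message was altered")
    return _stream_xor(_kdf(b"enc", session), envelope["body"])
```

Adding a reader costs one more small key slot rather than another copy of the message, and anyone whose private key matches no slot fails the integrity check instead of getting plaintext.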

Got Crypto?

There are packages you can purchase, stuff to download for free, and online services to use. The best and most standard is PGP ("Pretty Good Privacy"), which is also a historic piece, as it was the program that really put a fire under US policy, and almost got its programmer thrown in jail. The US under the Clinton administration made some great strides to reduce the insanity of crypto regulations (the cat was far, far out of the bag when the US tried to close said bag, and the laws really killed development of crypto within US borders). Ask a crypto developer for horror stories, and you'll get a bunch. I know a few, so you can ask me, as well.

Anyway, there's a pay-version and a free version of PGP. I recommend the free version, available at the MIT home of it (http://web.mit.edu/network/pgp.html). There's also GPG (Gnu Privacy Guard) which is compatible and better, but last I checked only for Linux. Both plug in to most email programs, which is a key (pardon the pun) feature. As for online services, remember that I worked in this industry for 2 years. They all suck! The only one I'd recommend using is Hushmail. Well, eCertain, of course, but it alas is no longer available. The others seriously are pretty bad, if you're caring about end-to-end security. They all (excepting Hushmail and a few others I seem to recall) break the security midway, and introduce lots of little holes that could potentially be broken. Also, excepting MailEncrypt and Hushmail, they are incompatible with other crypto formats, so unless your recipient has the same program, you're screwed (or the recipient will have to sign up, which is not necessarily secure).

Using Crypto

Often, it will automatically integrate into your email programs, so you just have to press the "encrypt this" button and it'll work... IF you have the public keys of all the recipients. You have to get these before you can send them encrypted mail. You should just email all your friends and ask if you can't find them in the online key directories that your encryption program will come with. You can point them to this journal entry if they want to sign up for encryption.

There's another feature called 'signing'. It's valuable to prove that a message came from you and has not changed since you sent it. These signatures are now legal in US courts of law... It's basically encryption in reverse (Encryption: Everyone can for-sure send to just-you; signing: You for-sure (not anyone else) can send to everyone). Signing does not encrypt a message, and you can sign a message that you don't encrypt.

It's the postcard analogy. Email is a postcard -- anyone can read it along the way. You can sign a postcard and anyone can recognize it's from you. Or, you can get an envelope and send your message there, where only the recipient can read it. You can also sign (or not) the message inside the envelope.

There's a LOT left here unexplained, because at this point so so much depends on each specific installation, email program, etc. etc. etc. Feel free to ask me questions via email, just tell me what crypto program you're using/want to use, and what email program, and what OS (windows...?).


Stats:
Mood: Secretive
Listening to: Jamaican Dancehall, mostly Sean Paul
For dinner: Tortilla soup (yum!)


January 28: Beyond being single

(Apologies for the recent burst in activity -- the crypto post was actually bouncing around for a while, but didn't get posted when written due to a dead floppy disk transporting it to Internet access.) (No net at home, hell, no phone line at home. Six months and counting waiting for the monopoly phone company to install a line, but soon, deregulation happens...)

Anyhow. I received a birthday card from my parents in the mail today, which spurred my brain on to think about my upcoming birthday and related issues. I mean, soon after my birthday is VD (Valentine's Day). This (barring unseen complication over the next 2 weeks) will be the first VD in my life that's coincided with having a girlfriend. Which means it will also be the first where I don't get to hunker down and commiserate with other single friends, share comic emails and take refuge in how much money and hassle we've been excused from.

This led to a further ponderance of just how much of my normal, day-to-day self is constructed around being single. I think it's actually a pretty central part of my being. I'm used to dating, but not being in a relationship. This I think was what caused some part of the earlier friction -- K and I went from 0 to relationship in what can only be considered record time, so there was no easing into it.

Bah. There's not too much to do about it, except be aware of it, change parts that I'm willing to change and work around others.


Stats:
Mood: Older
Listening to: trance/electronica
For dinner: Cooked by friends


Month Description

Beginning my first full calendar year in Jamaica, and much to celebrate

... New Years in Jamaica

Disclaimer

My personal opinions do not necessarily reflect on my employers, schools, any government, U n i t e d   S t a t e s   P e a c e   C o r p s, my friends, or my family.

They may not even reflect my current opinions.

Furthermore, these opinions do not unfairly influence any official decisions I make in my academic or professional work.

If you wish permission to reprint or reuse anything within these pages, I require that you contact me for permission. I'll likely give it to you, and probably even a link back.

Software, scripts, and configuration files downloaded from this website come with NO WARRANTY express or implied, and are for use AT YOUR OWN RISK. They are available under the GPL unless otherwise noted.