Securing Email Isn’t Only For Spies, Dissidents, & Journalists, Right?

Over the past year and a half I have been taking lots of steps to secure my digital life. I’ve written a lot about the different aspects of that, including my migration from Google mail and other services to more secured options.

One thing I’ve known has been a concern, and that I’ve not yet addressed, is the quantity of data online. For example, even though I moved my mail to a Swiss-based provider I still had my entire email archive available. I have mail going back as far as 1997, I believe. I have been wanting to take that archive off-line and out of my email provider’s servers. Over the years I’ve had the packrat mentality where I want to keep all of my messages. Recently I’ve grown to not want many of the messages I received. I’ve been deleting stuff that is unnecessary; however, there are still things that I get and do want to keep. In general I would like to keep the archive, especially my personal correspondence.

The challenge that I have is that I’m growing less trusting of any service provider. Even though my email hosting company is in Switzerland, they take no extraordinary security precautions, so the system is just as susceptible to hacking as most. That means my mail at rest is in the clear, unencrypted. What I want to do is take my mail and store it off-line so I have more control over it. I currently plan on keeping it in a local archive on my Mac at home. I will also have it backed up on my BitTorrent Sync network.

The first step in this process was for me to copy all of my mail to a local application. For my purposes I found the built-in Mac mail application to work the best. Once I had a downloaded copy of all the mail I was able to export it to an mbox formatted archive. At the same time I took the opportunity to recategorize how I organized my mail. In the past when I was using Google I had been using tags extensively. When I exported out of Google I went back to a folder structure where each high-level tag was its own folder where I put received mail. When I exported the mail to a local folder I put all sent mail in one folder and all received mail in another. Using mail tags I was able to continue to tag and make smart queries of the mail if I ever needed to get a hold of the categories that I used in the past.

Once I had the off-line mbox files I put them in an archive on my BitTorrent Sync network. I kept the live copy in my Mac mail on my computer in case I need to search for an email in the archive. Over the past few weeks after I’ve done this I’m surprised how often I do go back and reference old emails for things like key codes or when did I buy something. After I was satisfied that the mail was backed up I deleted it from my hosting provider. I did leave this calendar year’s mail on my hosting provider. I figured that was a good round number to keep online. I can annually do an archive. Having to be at home or to remote into my home computer to perform mail queries has become a slight inconvenience; however, it hasn’t been the end of the world.
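One way to be "satisfied that the mail was backed up" before deleting it from the provider, as an added example that is not part of the original post: parse the exported mbox, compare the message count with what the mail client showed, and confirm the synced copy is byte-identical. The file names, the sample messages, and the idea of noting an expected count from the mail client are assumptions made for this illustration.

```python
import hashlib
import mailbox
from collections import Counter
from email.utils import parsedate_to_datetime

# Constructed sample messages (not real mail): (sender, Date header or None, Message-ID, body).
SAMPLE_MESSAGES = [
    ("alice@example.org", "Mon, 03 Mar 1997 10:00:00 +0000", "<1@example.org>", "oldest mail"),
    ("bob@example.org", "Tue, 14 Jul 2015 08:30:00 +0000", "<2@example.org>", "door key code"),
    ("carol@example.org", "Fri, 05 Feb 2016 12:00:00 +0000", "<3@example.org>", "this year"),
]


def write_sample_mbox(path, messages):
    """Write the constructed messages as a minimal mbox file (fixture for the demo)."""
    with open(path, "wb") as fh:
        for sender, date, msg_id, body in messages:
            lines = [f"From {sender} Thu Jan  1 00:00:00 1970", f"From: {sender}"]
            if date:
                lines.append(f"Date: {date}")
            lines += [f"Message-ID: {msg_id}", "Subject: sample", "", body, "", ""]
            fh.write("\n".join(lines).encode("ascii"))


def sha256_file(path, chunk=1 << 20):
    """Stream the file so a multi-gigabyte archive never has to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def summarize_mbox(path):
    """Parse every message; return the count, per-year totals and undated messages."""
    years, undated, count = Counter(), [], 0
    box = mailbox.mbox(path, create=False)  # create=False: never make an empty file by accident
    try:
        for msg in box:
            count += 1
            try:
                years[parsedate_to_datetime(msg["Date"]).year] += 1
            except (TypeError, ValueError):  # missing or unparseable Date header
                undated.append(msg["Message-ID"] or f"message #{count}")
    finally:
        box.close()
    return {"count": count, "years": dict(years), "undated": undated}


def verify_archive(primary, replica, expected_count, keep_year):
    """Return problems found and the years that are safe to delete from the server.

    expected_count: message count noted in the mail client before export (assumption).
    keep_year: calendar year that stays online; only earlier years are purge candidates.
    """
    problems = []
    summary = summarize_mbox(primary)
    if summary["count"] != expected_count:
        problems.append(f"archive has {summary['count']} messages, expected {expected_count}")
    if summary["undated"]:
        problems.append(f"{len(summary['undated'])} message(s) without a usable date; review by hand")
    if sha256_file(primary) != sha256_file(replica):
        problems.append("replica digest differs from primary; let the sync finish or re-copy")
    purge = sorted(y for y in summary["years"] if y < keep_year)
    # Nothing is reported as safe to purge while any check is failing.
    return {"problems": problems, "purge_years": [] if problems else purge,
            "years": summary["years"]}


if __name__ == "__main__":
    import os
    import shutil
    import tempfile

    with tempfile.TemporaryDirectory() as tmp:
        primary = os.path.join(tmp, "received.mbox")       # hypothetical file names
        replica = os.path.join(tmp, "received-sync.mbox")  # stands in for the synced copy
        write_sample_mbox(primary, SAMPLE_MESSAGES)
        shutil.copyfile(primary, replica)
        print(verify_archive(primary, replica, expected_count=3, keep_year=2016))
```

Recording the SHA-256 digest alongside the archive also gives a reference value to re-check each replica against at the next annual archive.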

In addition to moving my entire mail archive off-line I want to go further and start using a secured email provider like ProtonMail that takes extraordinary steps to encrypt the data at rest. I do not need that level of security for all my mail; however, it does come in handy for some of it. There have been several messages I’ve been hesitant to send, or had no choice but to send, that contain sensitive information such as bank information or Social Security numbers that I would prefer not to send via email. And of course that’s not my paranoia; security experts say never do that. Having a secured provider that encrypts the mail at rest and also has a mechanism for sending secured mail to others could be useful. Really what the secure mail is doing is sending email to the recipient with a link back to the secured website that contains the actual message. I need to provide a password hint in the body of the mail I send. It’s not perfect; however, in most cases it will solve the problem of sending outbound secured mail.

One of the challenges in a system such as ProtonMail is that at present there is no mechanism to import or export mail. That means anything I receive is locked into that system. On day one that’s not a problem; however, I like to have data portability. ProtonMail says they are working on that function; however, who knows when or if it will ever come to pass. I may still use them for some correspondence only and in essence have two private email addresses, one for secured and one for unsecured messages. That way I can route the ones I want secured to the encrypted system.

I’ve also been looking at Tutanota as an alternative to ProtonMail. It appears to have the same import and export limitations; however, otherwise it seems like a very similar and comparable option. Both systems offer a free tier. I signed up for both services to play around with them. I’ve since signed up for a month-to-month service with both of them and am in the process of pointing an unused email domain to Tutanota, while I’ve already completed setting up ProtonMail. ProtonMail so far seems like a slightly better option in terms of usability; however, it is significantly more money per month than Tutanota. The only reason I signed up for the paid version of Tutanota after I signed up for ProtonMail was because it was less than two dollars a month. I hope to give both services a try for a month or two before settling on one or the other.

For now the combination of moving my mail off-line and having an encrypted provider as needed suits my needs. These changes are all still pretty new so I will see how things pan out over the next month or two before I decide to make any tweaks or to let the situation be as is for the time being.

That Time Where My Security Paranoia Might Pay Off in a Real World Personal Scenario

In a recent post I wrote about how I had to wipe my Mac Mini at home due to a potential compromise in my Chrome browser. The ironic thing with that issue was that for months I had already been taking steps to minimize the chance of such an exploit. The problem likely began months earlier and didn’t present itself until recently; however, the damage was already done. It just justifies the extreme measures I am taking in regards to securing my web browsing.

At a high level my approach is isolating some but not yet all of my browser traffic to a Linux virtual machine. I know that theoretically a virtual machine is not 100% isolated. I’m willing to chance using the virtual machine over booting into Tails using a USB key. That level of inconvenience is not something I typically want to be bothered with and I feel that my current solution will be good enough.

Within the virtual machine I installed the Firefox and Chrome browsers as well as the Tor Browser. I also configured OpenVPN to use my VPN provider. I then set up a visual cue, i.e. a distinct background for the virtual machine, to note that when I am using it I am in a semi-isolated system.

To protect the virtual machine from most exploits I take a snapshot about every month that includes the latest patch level for all the applications in the operating system. I do not ever use the virtual machine prior to that snapshot to do anything other than update software or make base OS and application configuration changes I want to be persistent. Once a snapshot is taken I will use the virtual machine and then when I’m done I will revert back to that clean snapshot. I might not revert back to the clean snapshot after each use; however, I try to do it as often as possible. At minimum, when I go to update the virtual machine I will revert back to the last known good “clean” snapshot and upgrade that. Then I’ll take another snapshot.

Late last year I implemented this solution using an Ubuntu 14.04 virtual machine. In April I built new ones using Ubuntu 16.04. Because I own a copy of VMware Fusion for personal use and a work copy of Parallels I have both virtual machine flavors of the operating system image. Other than a few minor tweaks with the new image the 16.04 version is mainly an operating system upgrade. I now have a “secured virtual machine” on all the main computers that I use day-to-day.

The solution isn’t perfect; however, as a first pass at this I feel that it gives me the best trade-off between additional security and ease of use. The VPN gives me some anonymity. Tor and VPN give me more. The snapshot of the virtual machine decreases the chance that the system can be infected.

Longer term I want to build a dedicated machine for Tails or Qubes. That solution would only work at home since I need a dedicated computer setup for it. For now I will settle for the VM solution I have implemented until I am comfortable using it and able to accept the extra effort involved in a dedicated machine configuration.
What’s interesting or disturbing to me is some corporate executives and even government representatives (NSA labels Linux Journal readers and Tor and Tails users as extremists

I Played iOS 10 Beta Roulette and I Lost

When Apple announced that the public betas for iOS were available I thought about trying it out. I then remembered Beta one of iOS and how I had to quickly remove it from my phone even though it wasn’t a phone I relied on day-to-day. This year I waited. Last year around now I felt it was safe enough to try the beta on a phone and generally was okay playing with it through the official launch of the operating system.

Since as of this writing it is late August (22-August and not sure when this post will be scheduled to post) and the launch date for the final version of iOS 10 is close enough I finally installed the latest public beta of iOS 10 on my iPhone 6S Sunday. So far I haven’t noticed much difference. It feels like all his bedding features I was looking for a not yet enabled class apps are written to support them. I am talking about features like unified call log and chat messages in messages from my VOIP applications. Or Siri application integration.

One function that does work is facial identification in photos. I was able to tag some photos with the correct names of people; however, when I mis-tagged one photo I was not able to remove the linkage. There’s definitely some work that needs to be done; however, so far it looked pretty cool.

Other than the notification pop-ups looking different I haven’t really experienced much change so far. On the plus side most of the apps I’ve tried to use, including my dictation app, seemed to work without problem. I was concerned about the beta breaking stuff. That is why I waited until late August to try a beta. I am also only testing on one phone that if I ran into a problem I don’t have to rely on.

UPDATE

I wrote the initial part of this post over the weekend and scheduled it to publish on Friday, 26 August. Between the time I wrote it and Wednesday night I had a change of heart. There did not seem to be anything fundamentally wrong with iOS 10. I’m eager to see some of the new functions working when applications are updated to support them; however, feature-wise the beta was just not that compelling to keep using. The trade-off to using it was flaky network connections, where I would have to put the phone in airplane mode and then turn it off every time I came out of the subway, and my dictation app, Dragon Anywhere, not syncing correctly even though it mostly worked. I don’t rely on this phone that’s running the beta; however, it was more nuisance than it was worth.

In the end there wasn’t anything majorly compelling to use the beta or to get rid of it. I took the short term hit of time to do a full restore last night and will eagerly upgrade when the final version comes out.

It’s A Microphone Not A Speaker, That’s Why I Talk Into It

Say hi to Snowball. Pretty much everyone that sits near me believes that this is a speaker. They are usually pretty surprised when I tell them that it is in fact a microphone. I would think the people that immediately sit near me hear my dictation; however, maybe I’m more self-conscious than I should be.

What’s cool about the Snowball is that with a keyboard command I can turn on my Dragon Dictate app and dictate something pretty clearly and then turn off the listening mode of Dragon Dictate. What I was hoping for, and what ended up happening, is that this microphone enables me to use the Dragon software more often throughout the day. Before that I would have to put a headset on and take it off every time I wanted to dictate. That was annoying. I also couldn’t listen to music at the same time I wanted to dictate anything because I couldn’t have two headsets on at the same time.

A guy at work who has dabbled in blogging and owns a better model microphone by the same company recommended it. The reviews on Amazon were also pretty good so I splurged a little bit and picked this mic up a few months ago. I’m glad that I did. It is not as accurate as my headset mic right up against my face; however, it gets the job done a lot better than any other alternative.

Anything that allows me to decrease the amount of typing I do, the happier I am. I do find however that for longer documents or messages I need to write I prefer to take my laptop and headset and go into a huddle room to dictate. I think that is more around being self-conscious than the performance of the Snowball.

Overall this was a great purchase.

The Time I Had To Nuke The Site From Orbit

Back in mid July I noticed something odd with my Mac Mini. It turned out that at some point in the past few months my Chrome browser on my Mac Mini at home was compromised. I’m not sure if it was malware or a configuration hack on the browser.

The problem may have existed for some time. I do not normally use Chrome on my home Mac. What I noticed was odd behavior after I launched Chrome to log into my Google account. Whenever I use my Google account I always log in via Chrome. Call me paranoid but I do not want Google possibly tracking activities via my login on Safari, which I use as my daily browser. When I attempted to log in I noticed that after clicking on login from Google.com I got some fake message about my Google account being compromised. The funny thing was I never actually gave it my login credentials and the screen that was displayed didn’t look at all like a standard page on any Google site I have been on.

My first reaction was to clear all the settings on the browser like it was a brand-new set up. I then tried again however the problem persisted. That was concerning to me.

My next step was to completely delete the Chrome browser from my Mac and download a fresh copy from Google.com using a different browser. That worked and once I installed the new version everything seemed okay. The lingering question I had was how contained was the problem I had? I had some confidence, but not enough, that the issue was purely within Chrome. I had no definitive evidence to back myself up.

To be safe, in the immortal words of Ripley from the movie Aliens, I “nuked the site from orbit”. I created a Carbon Copy Cloner image of my OS drive and then deregistered any application I needed to that was associated with this computer and wiped it. That was the only way to be sure that there was no ongoing compromise to my system.

The rebuild process was slightly challenging and took more time than I’d hoped. As I was trying to reformat the drive in recovery mode the computer kept crashing. I am not sure why. That forced me to start to do a network boot and download the original operating system that came with this Mac, bypassing the step on my local hard drive that was crashing. The machine is from 2012 so that meant at least three OS upgrades to get me to the latest. By the time I completed the original OS install I was able to download El Capitan on my MacBook Pro and create a boot USB key. The USB key worked so I was able to save a significant amount of time and jump right to El Capitan. I was thankful I did not need to complete several more upgrades. The parallel effort of trying to create the USB key boot disk from my laptop paid off.

Once I had my base install done I was able to patch the system and install the standard applications that I typically use. Because I use BitTorrent Sync for replicating my data, restoring most of the system was as simple as reseeding my data on this machine. It took several days for the data to replicate; however, when it was done everything was fine.

Weeks later there are still some applications I haven’t finished setting up yet. Of course that means I don’t use them that often so it’s a minor inconvenience. The main applications I use are already set up and working perfectly fine.

For me the moral of this story is my data replication set up works. I also confirmed what I already knew, that no matter how diligent I am I can still be compromised. I think the problem has existed for a while; however, I have no way to prove it. Recently I have started compartmentalizing some of my web browsing to prevent such exploits. That, I hope, will mitigate risk for the future; however, nothing is 100% safe. That compartmentalizing effort in and of itself is a blog entry I’m working on.

My New Mechanical Keyboard

I am finding it pretty funny that society in many cases has conditioned us to think new and shiny stuff is better. A few years ago I started reading about getting shaves the old-fashioned way with soap and a brush. That led me to buying old school one blade safety razors for a time. Since then I’ve evolved to a more expensive and more modern twin blade. My point though is the technology from the middle of last century for me works better than any of the modern stuff. Today I get a better experience with the twin blade and shaving soap and a brush than I ever did with a fancy Mach 3, 4, or 5.

Taking that lesson learned I should have come to the same realization on certain technologies. About 9 or 10 years ago Apple released their new style keyboards. It mimics or had a similar movement to the keyboards on their laptops. At the time I thought that was the coolest idea, that it would give me the same typing experience when I work directly on my laptop or when I worked at my desk. The new keyboards were nice and shiny white. The best part was they had a small wireless version that was a pretty nice size compared to previous wireless keyboards.

At that time I had been using a White Apple Keyboard 109 Keys A1048. I wasn’t that impressed with those keyboards and I’m not really sure why I got rid of my prior keyboard, the Apple Pro Keyboard (M7803). Those were really good. I think it was related to the fact that at the time I was using an iMac and they came with the white 109 key keyboard. I likely would’ve sold the Pro keyboard when getting rid of a PowerBook. Looking back that was probably a huge mistake. At the time I thought the upgrade to the laptop-like sleek mobile keyboard would be a smart move for me. Even after I had the new keyboards for years I was relatively happy with them. Flash forward nine years and I saw an article talking about the highlights of a Bluetooth wireless mechanical keyboard that also muffles mechanical movement sound (the Matias Laptop Pro Keyboard for Mac). Even though I was interested, I thought at the time that I was generally happy with what I had so it wasn’t worth the money.

The idea of the keyboard was still pretty cool, yet I was still interested in trying to help my hands make it through the day of typing. I have had repetitive stress issues with my hands on and off for a while. Well, I think that’s what it is. Let’s be honest, the one time I brought it up to my doctor he said just rest your hands and you’ll be fine since the issue seemed very mild. That being said, on some days towards the end of the day my hands feel really tired from the typing. That has been a major driving factor for me to use the dictation.

A few weeks ago the topic came up with someone at work. I think we were either discussing wrist pain or that he was building a vintage computer when the discussion on old-school mechanical keyboards came up. As it turns out he had done a lot of research on the topic and was able to geek out with me on the different mechanical movements of old-school keyboards. I showed him the link to the Matias and we did some basic research on it. Turns out the Matias is based on the same Alps mechanism that the Apple Pro keyboards were that I liked so much. With that knowledge and a renewed focus on my typing comfort I splurged on the keyboard.

When I first got it I was concerned that it would take me some time to adjust. I’m always worried that during that adjustment I’ll get set up and just not like it. That leads to returning or not using the device in question. With the Matias keyboard however within an hour or so I realized its value. It felt that I could type faster with it than I was on my old one. It also immediately felt comfortable to use. On both counts I was extremely pleased.

The only drawback I’ve noticed is that I have to tell it to connect to my laptop every morning. It’s more of a minor inconvenience than anything else. There were one or two days in the past month where it didn’t connect and I needed to go into Bluetooth settings and reset it. The only other issue I’ve had is only once or twice there was some lag from when I typed something to when it went on the computer screen. Reviews of the Bluetooth keyboard reported similar issues; however, it’s not a major problem for me at this point. I like a wireless keyboard over a wired one; however, if I need to buy another one I might pick up the wired version.

Since I do most of my typing at work this keyboard’s home at present is in my office. It is so much nicer to use this mechanical keyboard versus the new Apple rechargeable wireless keyboard that I have at my desk at home. I bought one of the rechargeable keyboards when it came out since using rechargeable batteries in the old Bluetooth keyboards was a pain. They weren’t keeping charges. I was also curious at the time if the new keyboards would be more comfortable to use than the old ones. It wasn’t. I was surprised at how much worse the new one felt to type on. At this point I think I’m gonna save and buy another one for home.

If this was a product review I would likely give it five stars.

I Can Finally Stop Tinkering With my Media Center, For Now…

I make a conscious effort to limit what personal family details I post; however, I do enjoy writing this blog. That means I typically focus my writing around technology. I find tech interesting and it’s a huge part of my life. Not the largest part, however big enough that there are plenty of topics to write about. Looking back at my blog posts over the past few months I thought I talked extensively about my media center setup challenges. I was surprised then to realize that I haven’t written about my evolving use of my Apple TV 4 since I purchased it late last year: My New Apple TV.

I was happy that on day one the new Apple TV ran the latest version of the Plex app. The challenge I had was that Plex is only half of my media center/TV watching set up. Content purchased from the iTunes store makes up part of the other half of my use case. Live TV takes up the rest. The big roadblock after I got my Apple TV was it couldn’t stream live TV. I have an HDHomeRun from SiliconDust that takes my cable card and streams my cable TV to any networked device that can receive it. The Apple TV does not natively support this. SiliconDust does not have their own app for the Apple TV (yet anyway). Initially that was extremely frustrating. It required me to maintain another device just so we can watch live TV. That complicated media center use for my wife. Ease-of-use is critical for her and me. For her, she just wanted it to work reliably. For me, I don’t want to get frantic calls or texts that my daughters can’t watch Curious George because something hokey is going on.

Luckily for me after the new year I stumbled across not one but two applications in the Apple TV app store that supported streaming TV from an HDHomeRun. I got into the beta program of one app; however, there were some challenges with the audio being out of sync with the video. That was a problem that I had with my Kodi Media Center on my Raspberry Pi. I then found the second app, which cost about $15 to buy; however, it was out of beta and it looked too promising not to try it. I am so glad I did. It worked perfectly. Now I was able to have Plex, iTunes, and live TV all on my Apple TV. That enabled me to simplify the media center substantially and thus make it easier to use.

The streaming TV app works pretty flawlessly. I was able to clean up the cables and devices in my media center when I no longer needed my Android TV, Raspberry Pi OSMC, and Mac Mini running Plex. All those devices at one time or another were testbeds that failed in one way or another. I still have one Raspberry Pi plugged into an HDMI cable in my media center; however, that is usually just for when I’m building something. My media center experience is not dependent on it though.

Experimenting and finding the most optimal set up for us for TV/media consumption took a pretty long time. I am glad the technology caught up to the requirements that I was looking for. The setup has been pretty stable for the past several months. I haven’t made any major changes to it since getting the TV streaming app. I have been adding additional apps to the Apple TV; however, the basic configuration doesn’t change. I do want to try getting a game controller and seeing if there are any good games on the Apple TV. I no longer have an Xbox 360 so at present I have no gaming platform of any kind. Of course I haven’t played an Xbox game in four years and don’t miss it all that much most of the time.

A New Mac Mini Please…

My desktop computer at home is a 2012 Apple Mac mini. At the time I got the slightly upgraded version with the fusion drive and 16 gigs of RAM. Four years later it is starting to show its age. For most people it would probably still be a perfectly good computer; however, there are certain functions where I’m noticing I need more power.

I would love to retire this Mini and relegate it to act as a backup node on my BitTorrent Sync network. The challenge that I have is that the current Mac Mini model is from 2014. I cannot justify to myself buying a brand-new computer with technology that’s two years old to replace a four-year-old computer. My choices then are either purchasing an iMac or building myself a Windows 10 or a Linux machine. My only other option is to wait for the mini to be refreshed.

For me Windows is not practical. I haven’t used Windows as my primary computer for work or professional life in years. I use a Windows computer when I need to at work and I have virtual machines for when I need it; however, living on one at home day in and day out just doesn’t seem like something I want to do. I have been wanting to build a Linux desktop; however, today it doesn’t offer me all the software I would need to replace my Mac. The iMac is compelling; however, I have not been a fan of the all-in-one computers. I’ve owned several iMacs and had challenges with some of them. Every time I think man those are cool I remember the burn-in issues I had on two back-to-back iMacs. Another reason to avoid an iMac is I have been eyeing a bigger monitor than my current 27 inch. I would love a 34 inch widescreen; however, the current mini I have cannot support the resolution for one. If I do end up getting a second desktop running Linux I would want to plug it into the same monitor. I’m trying to stay as future proof on whatever I buy now as possible.

Since I haven’t been able to come up with a solution I am happy with I continue to wait. Every Apple announcement I hope they will refresh the Mac Mini and then sadly they don’t.

I know the one last option I have that I didn’t mention prior, since it is super expensive, is the full Mac Pro desktop. The cost alone is a nonstarter for me. Add to that, it has not been refreshed for as long as or longer than the mini, which makes it not a viable option for me.

As Tom Petty says the waiting is the hardest part. Now I wait some more…

Mac Quicken Update

I’ve been using Quicken 2016 on my Mac for a few weeks now. I have had fewer issues regarding duplicate transactions than I did with Bankify. That’s the good news. There are some growing pains however. Not everything works as well as I would like. There’s one stock that the system won’t find so I have to manually update it if I want to get the correct values.

I haven’t had as many problems with reconciling my accounts as I did with Bankify; however, it hasn’t been all roses and rainbows. I’m not sure if it’s just issues I didn’t catch in the migration or issues in downloading of the data. It is definitely easier to reconcile however than the old system. So my main objective has been successful.

Other challenges I’ve had are with finding things. Editing a payee or category wasn’t as straightforward as I thought it would be. There is no menu option to go to payees. You have to start typing in a payee and then click on the edit button to bring up all of the payees in a window to edit them. If you don’t know that it’s frustrating. The iOS app didn’t seem that useful; however, I haven’t played with it that much. Of course I haven’t played with it that much because it didn’t seem that useful.

All in all I’m hoping Quicken improves with a new Quicken 2017 soon; however, my challenges are not enough to make me want to go back to Bankify. I’ll see how things are going in another month or so.

Hello again Quicken, goodbye Bankify

For the past few years I’ve been using iBank / Bankify for my personal financial management. I documented my move to iBank in a previous post. Finding a Mac compatible financial application was the final app that I needed to completely go Mac only and not require a virtual machine for my personal use.

I’ve been generally okay with iBank, now Bankify; however, there have been some lingering challenges. First and foremost I keep getting duplicate transactions even after I downloaded from my bank. What that means is I sometimes have to spend hours each month trying to reconcile my accounts because a single transaction might have three or four transactions in my register. It also might turn out that several of those transactions, if they are account transfers, might show up as a transfer to the wrong account, thus throwing off balances across multiple accounts.

This year one of my financial goals was to automate bimonthly banking and bill payment as much as possible. This bug has caused challenges to completing the objective. This month I had a renewed desire to find an alternative. I tried You Need a Budget; however, the downloading of transactions from my bank seemed to be clunky. It also focuses on budget only. That’s important to me; however, I need an app that can do more. My sights then turned to Quicken since their 2016 Mac upgrade seems to have been a big improvement over the 2015 one. I know it doesn’t have all the same features as the Windows version; however, I wanted to stay native Mac. I did contemplate trying the Windows version; however, I don’t think I need some of the advanced features that the Mac version does not offer. That is why today I bought Quicken for the Mac 2016.

The import process went surprisingly painlessly. My export from Bankify went over without any problems. The import of that file to Quicken also appears to have been painless. I need to go through each account and confirm the balances to make sure everything is correct. For now it looks like this is the easiest migration I’ve had to do. In the past I went from Quicken for Windows to Mac and then back again. Then I went from Quicken to Bankify. Each of those migrations was painful and took a lot of time to validate things were right or to tweak the process in order to get a good copy of my data. Part of my problem is trying to keep and migrate 16 years of data. I don’t need it but I want it, and since it’s all in one file it should be straightforward to migrate. I do have an additional eight years of data in other files that I don’t migrate but I have all of my financial transactions going back to my freshman year in college in some sort of backup or another. At some point soon I need to archive old transactions to an off-line backup so I don’t have all of it on an Internet connected machine. That’s my next step.