Hello, ProtonMail

After reading this blog post about how Google was able to influence traffic to the secure email provider Proton Mail, I’ve been pushed past the tipping point with regard to Google.  Here’s a short excerpt:

The short summary is that for nearly a year, Google was hiding ProtonMail from search results for queries such as ‘secure email’ and ‘encrypted email’. This was highly suspicious because ProtonMail has long been the world’s largest encrypted email provider.

My response? I canceled my paid Google email account and opened a ProtonMail account and am happily paying for it. Not hard, and costs roughly the same. Yes, there is a free version.

Qubes may be the perfect OS for the Linux newbie

Qubes OS is thought of as a unique OS which emphasizes security, in this case security by compartmentalization, and this is why people like Edward Snowden and Micah F Lee have said positive things about it (see the Qubes home page).  But could it also be a great OS for someone trying to learn Linux?  Let me explain why I think the answer is YES.

I’ve installed Ubuntu linux multiple times on older Macs (and Canonical has done a fantastic job of making it easy to install on a wide variety of hardware).  Just like when they were running OS X, these old Macs booted into Ubuntu on startup and I could practice using the GUI programs and even a little command line interface (CLI).  The file system was written to the physical disk.  This worked great…..until I broke something. I would either spend hours trying to figure out how to fix it or (more likely) just re-install Ubuntu Linux and start again. This became quite frustrating and time consuming.

In Qubes, each operating system installed is running in its’ own virtual machine (VM), something that’s made possible by the Xen hypervisor.  (This also means you can install a variety of operating systems, even Windows.)  Put another way, the bare metal of the computer, instead of just running one operating system for one user, can run multiple operating systems for multiple users with multiple roles and levels of trust.  The key here is that a virtual machine can be easily duplicated (and erased).  And that is why it’s great for beginners.  Install Qubes (my installation of Qubes OS 3.1 came with VMs for Fedora 23, Debian 8, and whonix), duplicate one of these VM’s, then tinker away on the copy. Screw it up? No problem! Shut down the VM, delete it, duplicate yourself a new one from the template and start from scratch…..in minutes.

The VM Manager in Qubes OS
The VM Manager in Qubes OS

QubesOS on a System 76 Lemur

lemurI’ve been fascinated by the security-by-compartmentalization model used in Qubes OS, a Linux-based operating system.  I even managed to get it running as a virtual machine in VMWare Fusion on OS X, but wanted  to get dedicated hardware to run it on.  Failing on several older macs I had around the house, I decided to ante up for a Linux laptop.  With some encouragement from Micah  F. Lee via Twitter, I decided to order a System76 Lemur  14″ laptop for my experiment.  The Lemur arrived today and it looks like I have successfully installed Qubes 3.1!  I’m happy to say the hardest part was figuring out how to get a boot menu (F7 after powering on in System76 computers).

My plan is to post about my experience as I go along.

That reminds me: dump Java.

I was just reading a post at MalwareBytes Labs titled Cross-platform Malware Adwind Infects Mac by Thomas Reed about the Adwind Remore Access Tool (RAT) which reminded me I had wanted to remove JAVA from my Mac as it represents a security risk.  A quick DuckDuckGo search led me to How to uninstall Java in Mac OS X at dotTech which offered concise instructions for how to remove both the runtime and the jdk.

Go ahead. Do it. You’ll feel smart after using the Terminal.

Authy two-factor authentication for WordPress

I just installed WordPress 4.5.2 via DreamHost’s One-Click installer.  I’ve been with DreamHost a loooong time now, but this is the first blog I’ve ever set up at this URL. I wanted a place I could post quasi-geek stuff without having to worry about if it was related to anesthesia or not (my day…and night….job).

The one-click install worked flawlessly, and Dreamhost even arranges for a free SSL certificate via Let’s Encrypt, so the site has the benefit of https without having to pay for a cert. Cool.

I’ve been using Authy in place of Google Authenticator on my Newton 2000 iPhone for my two-factor authentication tokens for quite a while now , and wondered if I could use it on my own personal site.  The short answer is a resounding YES. The longer answer is that it was easier than I thought.

Authy offers a WordPress plugin that can be installed on your own site:

Authy Plugin for WordPress
Here’s a screenshot of the Authy wordpress plugin description.

Even though this 2.5.5 version hasn’t been updated in about a year, it works fine with this WordPress 4.5.2 installation.  Once installed and activated, all I had to do was go to http://www.authy.com/signup to get a free API key.

I can see why Authy makes this free and easy to encourage users to try their technology. Once ‘inside’ you can get a glimpse of what is possible with 2-FA via Authy and how well thought out and smooth the whole service is.  My only concern is that I see most tokens have gone from 6 to 8 numbers.  It could be a real problem for me to type in 20 numbers in 30 seconds should it come to that. 😐