Tag Archives: floss

3 Reasons Why You Should Never Use Enlocked

Enlocked advertises easy, secure email. Sounds good to me! My current solution (Thunderbird+Enigmail) works, barely, but it is a big pain in the tukhus. I’d go for something better. Heck, I’d pay for it. And Enlocked is free!

I gave their Chrome plugin a try. Installation was a breeze and it worked exactly as advertised. It integrates almost seamlessly into Gmail (when replying, quoted text is still encrypted, but they’ll probably fix that soon). It really was friendly enough for anyone! But I’m not dusting off the old blog just to tell you that. No ma’am.

Unicorn and Cow (and sentry)

1. They encrypt and decrypt using their own key.

If you’ve ever spent the not-insignificant time to learn and use PGP yourself, you’ll know that one point of going through all the trouble is complete, end-to-end encryption. You don’t have to trust your email handlers. Any of them. And there can be many! So, uh, you just never give your private key to anyone, ok? Everyone gets their own keys (there are plenty for everyone, and they’re free!). That’s the way PGP works.

I should say that I’m not positive Enlocked uses their own key. It could just be a key they generate using some secret they securely get through you via OpenID or something fancy like that (even so, they’re free to brute force your secret day and night since they have the key). But without knowing for sure, you might as well assume it’s their key and they can decrypt your messages anytime they darn well please. Or if someone forces them to decrypt messages (like a government, or someone with lots of power or money), same result.

2. They encrypt and decrypt on their servers.

From their How it Works page:

The systems at Enlocked only have access to your messages for the short time we are encrypting or decrypting them, and then our software instantly removes any copies.

This is really more of the first reason (no end-to-end encryption), but it’s just another place where their inevitable security breach could occur.

3. Their software is closed-source.

If you know me you know I’m a Free² Software zealot, so you expect this kind of propaganda from me. But transparency is really important where the actual encryption and decryption take place. They must at least make their client-side code available for review.

Sorry Enlocked, nobody serious about security will adopt your software until you address these issues.

Disclaimer: I’m no security expert. But Bruce Schneier is. If you really want to get schooled on security, read anything he’s written. For instance: Secrets and Lies: Digital Security in a Networked World.

Does the FSF need better top-down social skills?

Larry Cafiero and Joe Brockmeier are two big voices for technological freedom. They’re both pretty fired up about RMS’s f-you epitaph of Jobs.

Generally you want the figurehead of a public foundation to be, uh, attractive. Intellectually, maybe even physically. Right? Not only does the cause itself have to make sense, these people need to attract other people to their cause. And they usually “say the right things”, smile, wear a suit, whatever. But I always thought these requirements only applied to other causes (besides Free Software).

Certainly RMS lacking those traits didn’t keep me from FLOSS. I heard about RMS and the proprietary printer a while back, and that’s all it took to get me hooked on FLOSS. I could identify immediately because I write software, and proprietary code is a pain. His cause just makes sense, even if he doesn’t. But I’ve been justifying his abnormal behavior because, well, he started something new! Something important. He knew it was important, and dedicated his life to this thing that many, many folks never even know exists. Something that affects all our lives, every day, more and more. Software must support our Freedom, or we are not free.

So he won me over, but I’m a nerd. I’m used to eccentrics in my field. Truth wins, period. And I still don’t know if it matters if RMS is a polished, smiley, public-friendly dude or not. Would Free Software be farther along today if RMS were kinder, more respectful, or somehow a better “public figure”? Would DRM have never been allowed to exist? Would the government pass laws that software for implanted medical devices be Free?

simple AJAX/JSP example: sum of two numbers

It’s been a while since I’ve done any front-end Web programming, so when Eva proposed a friendly challenge to quickly create a simple AJAX calculator, I gladly accepted. It took her about 20 minutes on an ASP.NET stack, and took me… *cough* …a couple of hours using JSP.

The challenge was fun because I played with and gained respect for jQuery and the Eclipse WTP. I think it took me longer than Eva because I first looked for tiny AJAX examples in Ruby on Rails and Django. After a couple of aborted attempts, I decided to use JSP after finding this nice example.

I’m sharing my result since I wasn’t able to find one quite as succinct. You can throw the war file in a Tomcat “webapps” directory or import it into Eclipse (ideally the Java EE version with WTP) to hack it. The WTP even has a nifty HTML WYSIWYG design view.

Mifos in the Google Summer of Code 2009

Mifos has been accepted for the Google Summer of Code 2009! Working on Mifos has been my full-time job since October of 2007. The Google Summer of Code is an awesome program funded by Google wherein students get paid to work on FLOSS. Yay!

If you’re an eligible and interested student, check out our ideas page, hop on IRC during US/Pacific business hours, ask away on the mailing list, download the code, try building it, etc. and we’ll get you signed up!

Elegant Lead Sheets are Back!

As the holidays are fast approaching, many musicians will be called forth to back a multitude of sing-alongs. Be prepared! Musicians that care memorize or use sheet music, and nerdy musicians love Chordie!

Chordie turns text files with embedded chord names into beautiful, staffless PostScript lead sheets.

Chordie is a fork of Chord, and is written in under 5,000 lines of K&R C. Chordie currently only runs on *NIX-like operating systems, but there may be ports to other operating systems someday.

UPDATE: Chordii is the new name for this project.