Latest Publications

OpenOffice and file locking on network file system (NFS)

When opening a document that is stored on a network file system (NFS), OpenOffice is known to crash due to a problem in OpenOffice that has to do with the locking of files, which prevents users from working in the same document. Unfortunately, there is no solution yet because OpenOffice believes that the problem is in the NFS.

This procedure will make it possible for OpenOffice to work on documents that are stored on an NFS.

In our example, we want to fix OpenOffice on an Ubuntu operating system.

We open the OpenOffice configuration script for editing and delete the section that enables file locking.

sudo vi /usr/lib/openoffice/program/soffice


Creating an encrypted file system with FreeBSD

The cryptographic tools in the FreeBSD operating system are able to protect data on file systems from highly motivated people with significant resources. Unlike other encryption methods that encrypt individual files only, such as PGP, the cryptographic tools in FreeBSD transparently encrypt entire file systems. No clear text ever touches the hard drive.

In our example, we will use the geli cryptographic tool in FreeBSD 7.2 to create an encrypted file system on an external hard drive.

The external hard drive can then be used to store and transport files or backup files in a secure manner.

Note that we have not had success with FreeBSD 7.0 on two different machines. This version demonstrated kernel panic on USB events and system hang on geli commands in such a way that even a kill -9 was not enough.

We load the dynamic kernel module and make sure that it is loaded at boot time in the future by adding the last line below to /boot/loader.conf.

kldload geom_eli
vi /boot/loader.conf
geom_eli_load="YES"

We attach the external hard drive, start it up and create the master key that will be used for the encryption. In our example, the external hard drive is recognized as device node da1. We will enter a pass phrase during the creation of the master key. This way, the combination of the key and the pass phrase must be used in order to gain access to the file system. A copy of the master key should be stored far away in a trusted place in another galaxy.

ls /dev/da?
dd if=/dev/random of=/root/ehd.key bs=64 count=1
geli init -s 4096 -K /root/ehd.key /dev/da1

The layer between the external hard drive and the file system is called the provider. The provider has to be attached before creation of the file system is possible. When the provider is attached, it will be recognized by a device node and we can create, mount, list and unmount the file system until we detach the provider again.

geli attach -k /root/ehd.key /dev/da1
ls /dev/da1.eli
dd if=/dev/random of=/dev/da1.eli bs=1m
newfs /dev/da1.eli
mkdir /mnt/ehd
mount /dev/da1.eli /mnt/ehd
df -H
umount /mnt/ehd
geli detach /dev/da1.eli

When we want to use our encrypted file system, such as when synchronizing contents, we attach and turn the external hard drive on, attach the provider, mount the file system, synchronize content, unmount the file system, detach the provider, turn the external hard drive off and detach it.

geli attach -k /root/ehd.key /dev/da1
mount /dev/da1.eli /mnt/ehd
...
umount /mnt/ehd
geli detach /dev/da1.eli
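
The session described above as one function, so that unmount and detach also run when the synchronization step fails or is interrupted. This is an added example, not part of the original article; KEY, DEV and MNT repeat the values used in the text, while DRY_RUN, run and ehd_session are names made up for this sketch.

```shell
#!/bin/sh
# Added example. KEY, DEV and MNT repeat the values used in the text;
# DRY_RUN, run and ehd_session are names made up for this sketch.
KEY=${KEY:-/root/ehd.key}
DEV=${DEV:-/dev/da1}
MNT=${MNT:-/mnt/ehd}

# run CMD...: execute CMD, or only print it when DRY_RUN=1 (rehearsal).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# ehd_session CMD...: attach the provider, mount, run CMD, then unmount and
# detach even if CMD failed, so the decrypted provider is not left attached.
# Returns CMD's exit status, or 1 if an attach, mount or teardown step failed.
ehd_session() {
    run geli attach -k "$KEY" "$DEV" || return 1
    if ! run mount "$DEV.eli" "$MNT"; then
        run geli detach "$DEV.eli"
        return 1
    fi
    # Ctrl-C or kill during CMD still tears the session down.
    trap 'run umount "$MNT"; run geli detach "$DEV.eli"; exit 130' INT TERM
    rc=0
    "$@" || rc=$?
    trap - INT TERM
    run umount "$MNT" || rc=1
    run geli detach "$DEV.eli" || rc=1
    return "$rc"
}
```

A call such as ehd_session cp -Rp /home/user/docs /mnt/ehd/ (a constructed path) copies the files inside one session; with DRY_RUN=1 the geli, mount and umount commands are only printed.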


Preparing Windows users for Xvid encoded movie clips

Xvid and DivX are compressed high-quality movie formats that are widely used on the internet in order to reduce file size. The word Xvid or DivX should appear in the filename to indicate this movie format.

Computers that are based on the Windows operating system might not be able to play Xvid or DivX movie clips in the built-in movie player.

This procedure will make it possible for those computers to play Xvid and DivX movie clips in the default movie player.

Install the free DivX Codec software for Windows. You only need the DivX Codec component, thus you can disable other components, other related software and registration details.

That’s it.


Keeping your Facebook clean from quiz results, application photos and more

Applications on Facebook and their automatic quiz result feed, photo feed and message feed are a huge problem on Facebook. These applications are annoying and they spread like a virus by exploiting your friends. Some applications even lead to loss of money by exploiting your mobile phone or credit card.

In our example, we want to keep Facebook clean so that the news feed will show status messages of friends, shared things from friends and other friend-related content.

We want to block annoying applications by installing an open source filter in our browser.

We are using Firefox on an Ubuntu operating system.

  1. We need to install a script parser that can parse user scripts. In our example, we will use Greasemonkey. We confirm that we are using a version of Firefox that the Greasemonkey add-on supports. Then we download it, install it and restart our browser.
  2. We need to install the user script that will do the actual filtering. In our example, we will install the Facebook Purity script. We install it, restart the browser and open Facebook. We notice that our Facebook is clean and that there are statistics at the top.
  3. We need to update the script from time to time because Facebook implements changes to the programming code from time to time. In order to do this, we need to delete the script before we install the updated script. We do this by clicking Edit, Preferences, Main, “Manage Add-ons”, Greasemonkey, Preferences and then Uninstall. Then, we install the Facebook Purity script again.

Consulting for the FreeBSD operating system

The power, flexibility, and reliability of the FreeBSD operating system attract a wide variety of users and vendors. We are now listed among the vendors that offer commercial products, services, and/or consulting for FreeBSD.

Visit the homepage of FreeBSD. Point your mouse to Support and click Vendors. You will now see the page of Commercial Vendors. Click Consulting Services. You will now see a list of FreeBSD consultancies. Look under Europe and find Open Tech SmbA.


Key management for Pretty Good Privacy (PGP)

In order to begin protecting our privacy, such as protecting the exchange of private messages or the storage of private files, by using signed and encrypted communication with the Pretty Good Privacy (PGP) standard, we need to prepare our key rings, create our own key, share it and make it trustworthy.

Our key rings will consist of a secure key ring, which will contain our key or keys, and a public key ring, which will contain the public keys that have been shared with us by other people.

Our key will consist of a DSA key that is used for signing and an Elgamal key of maximum strength that is used for encryption.

It will be possible to derive a public key from our key, which can be shared with other people.

It will be possible to derive a fingerprint from our key, which can be used by other people to validate it by comparing it to the fingerprint that was given to them in a trusted form.

It will be possible to have our key signed by other people in order to make it trustworthy.

In this example, we will use the command line interface of GNU Privacy Guard.

We create our key. We choose DSA and Elgamal. We choose a key size of 4096 bits. We choose a key that will not expire. We set a strong pass phrase that is more than 20 characters long and contains small letters, capital letters, numbers and special characters.

gpg --gen-key

We call in the key for editing, add information about our preferred key server, confirm the key and note the key fingerprint. The key fingerprint will be used for building trust later. While a key is called in for editing, other changes can be made, such as changing the pass phrase, the expiry date and more. These changes will not affect the key fingerprint.

gpg --edit-key 01234567
keyserver
fpr
save

We store our public key on a public key server and prefix the hexadecimal identifier with a zero.

gpg --list-keys
gpg --keyserver pgp.mit.edu --send-key 01234567

We want to have a trustworthy key. In other words, we want to have our key signed by other people. We can do this by meeting up with other people, such as at a key signing party, and sharing our public key and the fingerprint of our public key. Now, they can download our public key from the public key server, sign it and return our signed key to the public key server.

We want to help others gain a trustworthy key in the same way we did with our key. We download their public key from the public key server, validate it, sign it and return the signed key.

gpg --keyserver pgp.mit.edu --recv-key 01234568
gpg --fingerprint 01234568
gpg --edit-key 01234568
check
sign
check
save
gpg --keyserver pgp.mit.edu --send-key 01234568
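
The validation step before signing, as an added example that is not part of the original article: the full fingerprint of the downloaded key is compared with the one received in a trusted form, and a short identifier such as 01234568 is refused as proof. The function names and the sample listing are constructed.

```shell
#!/bin/sh
# Added example: function names and the sample listing are constructed.

# Strip spaces and an optional 0x prefix, upper-case the hex digits.
norm_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | sed 's/^0[xX]//' | tr 'a-f' 'A-F'
}

# stdin: output of `gpg --with-colons --fingerprint KEYID`.
# Prints field 10 of the first "fpr" record, the primary key fingerprint.
primary_fpr() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# fpr_matches TRUSTED < listing
# Status 0 only if TRUSTED is a full 40-digit fingerprint equal to the key's.
# An 8-digit key ID is refused: it names a key, it does not authenticate it.
fpr_matches() {
    trusted=$(norm_fpr "$1")
    actual=$(primary_fpr)
    [ "${#trusted}" -eq 40 ] && [ "$trusted" = "$(norm_fpr "$actual")" ]
}

# Constructed colon listing in the layout gpg prints (not a real key).
sample_listing() {
    cat <<'EOF'
pub:-:1024:17:0123456789ABCDEF:1262304000:::-:::scSC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF:
uid:-::::1262304000::::Constructed User <user@example.invalid>:
sub:-:4096:16:3333222211110000:1262304000::::::e:
fpr:::::::::9999888877776666555544443333222211110000:
EOF
}
```

With a real key ring, the listing comes from gpg --with-colons --fingerprint 01234568 piped into fpr_matches, with the fingerprint from the key signing party as the argument; the key is signed only when the status is 0.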

We want to refresh the public keys in our public key ring from time to time. This will help us stay updated with signed keys and changes in keys. We can do this in an automated way by using a public key server.

gpg --keyserver pgp.mit.edu --refresh-keys

We want to back up our key in order to survive the loss of our key or secure key ring. If this happens and we cannot restore it, there is no way to recover the encrypted data. We attach our external storage device, export our key and store our external storage device in a safe place, far away in another time and galaxy.

gpg --list-keys
gpg --armor --output /mnt/ext/public.asc --export 01234567
gpg --armor --output /mnt/ext/secret.asc --export-secret-keys 01234567

We can restore our key by using the following procedure.

gpg --import /mnt/ext/secret.asc
gpg --import /mnt/ext/public.asc
gpg --list-keys


Configuring mail client for message signing and encryption

In order to sign and encrypt messages, your mail client must be configured so that it is able to use signing and encryption software.

The goal is to be able to

  • sign and encrypt,
  • sign only,
  • encrypt only,
  • decrypt and
  • verify.

In our example, we want to configure an alpine mail client on a FreeBSD operating system to use the GNU Privacy Guard (GPG) signing and encryption software. alpine was formerly known as pine. It is assumed that this software is installed prior to this procedure, that the ports collection is up to date, and that public keys have been exchanged, and maybe even trusted through key signing parties, between senders and recipients.

In order to support the configuration, a number of scripts are available that simplify this task. We will use ez-pine-gpg.

cd /usr/ports/mail/ez-pine-gpg
make
make install

The scripts can be confirmed to exist.

ls /usr/local/bin/ez-*

Run alpine. Press S and C to enter the configuration.

Press Ctrl-W and search for Display Filters.

Press A to add a value.

_LEADING("-----BEGIN PGP")_ /usr/local/bin/ez-pine-gpg-incoming

Find the Sending Filters below.

Press A to add a value and repeat this until the following filters have been added.

/usr/local/bin/ez-pine-gpg-sign-and-encrypt _INCLUDEALLHDRS_ _RECIPIENTS_
/usr/local/bin/ez-pine-gpg-encrypt _RECIPIENTS_
/usr/local/bin/ez-pine-gpg-sign _RECIPIENTS_

Press E and Y to end the configuration.

We can now create a new message, select one or more recipients from our address book, attach one or more documents, fill in a subject and type in our private message.

We can then press Ctrl-X to begin sending and press Ctrl-N to switch through the available signing and encryption combinations. In our example, we want to sign and encrypt. We switch to ez-pine-gpg-sign-and-encrypt, press Y, type in our private key pass phrase, press Y, press Enter and then our signed and encrypted message is sent.

The recipient will receive our message and will be able to read the name and address of the sender and the subject. If the recipient has not configured the mail client for reading signed and encrypted mail, our message will be unreadable. If the mail client has been configured, the recipient will be asked to type in the pass phrase of the private key of the recipient.

Be aware that ez-pine-gpg and other scripts do not encrypt attached files. You should encrypt files separately before attaching them.

gpg --encrypt daemon.jpg

GPG will ask for recipients and then write an encrypted version of the file, named daemon.jpg.gpg, which has been encrypted using the public key of the recipients. The recipient can decrypt the attached file.

gpg --output daemon.jpg --decrypt daemon.jpg.gpg

Several files, or directory structures, should be zipped and then encrypted.


Live public service TV on Linux and Mac

For a long period, the public service television in Denmark, Danmarks Radio (DR), has been streaming their channels on the internet in H.264 format for their Linux and Mac users and their VLC client.

Now, new channels have been added, and a new live page has been added, which uses an embedded flash player that Mac and Linux users can watch using their browser and flash plugin, such as Firefox and the Macromedia Flash plugin. A new neat live program for all the channels is also available on that same live page.


Data encryption and signing with The GNU Privacy Guard (GPG)

Privacy is being threatened.

The answer to this is to use software that can

  • confirm that messages are in fact from the expected sender,
  • confirm that messages are authentic, and
  • encrypt and decrypt messages, documents and files.

In terms of software, this is referred to as signed and encrypted messages. In order to do this, a pair of keys is used by both senders and receivers. A key pair is a private key and a public key.

The GNU Privacy Guard (GPG) is the GNU project’s complete and free implementation of the OpenPGP standard as defined by RFC 4880.

The signing works as follows.

  1. The sender creates a message.
  2. The sending software generates a hash code of the message.
  3. The sending software generates a signature from the hash code using the private key of the sender.
  4. The signature is attached to the message.
  5. The receiving software keeps a copy of the received signature that was attached to the message.
  6. The receiving software generates a new hash code for the received message and verifies it using the kept signature that was attached to the message. If the verification is successful, the message is accepted as being authentic.

The encryption works as follows.

  1. The sender creates a message.
  2. The sending software generates a random number. This is used as a session key for this message only.
  3. The session key is encrypted using the public key of each recipient. These encrypted session keys start the message.
  4. The sending software encrypts the message.
  5. The receiving software decrypts the session key using the private key of the recipient.
  6. The receiving software decrypts the message using the session key.
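
The signing and encryption steps above, carried out end to end with gpg in a throwaway key ring, including what happens when a signed message is altered. This is an added example, not part of the original article; the identity demo@example.invalid, the file names and the function names are constructed, and GnuPG 2.1 or later is assumed.

```shell
#!/bin/sh
# Added example: all names below are constructed; assumes GnuPG 2.1 or later.
demo_home=""

# Create a throwaway key ring with one key pair (primary plus encryption subkey).
demo_setup() {
    demo_home=$(mktemp -d) || return 1
    chmod 700 "$demo_home"
    GNUPGHOME=$demo_home; export GNUPGHOME
    # Empty pass phrase for the demonstration only.
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Demo User <demo@example.invalid>' default default never
}

# Sender: hash, sign, make a session key, wrap it for the recipient, encrypt.
# Receiver: unwrap the session key, decrypt, check the signature.
# Returns 0 only if the signature is good and the plain text is unchanged.
demo_roundtrip() {
    printf 'meet at noon\n' > "$demo_home/msg.txt"
    gpg --batch --quiet --yes --recipient demo@example.invalid \
        --sign --encrypt --output "$demo_home/msg.gpg" "$demo_home/msg.txt" || return 1
    gpg --batch --quiet --yes --output "$demo_home/out.txt" \
        --decrypt "$demo_home/msg.gpg" 2>/dev/null || return 1
    cmp -s "$demo_home/msg.txt" "$demo_home/out.txt"
}

# Returns 0 if a detached signature verifies before, and fails after, a change.
demo_tamper_detected() {
    gpg --batch --quiet --yes --detach-sign \
        --output "$demo_home/msg.sig" "$demo_home/msg.txt" || return 1
    gpg --batch --verify "$demo_home/msg.sig" "$demo_home/msg.txt" 2>/dev/null || return 1
    printf 'meet at one\n' > "$demo_home/msg.txt"
    ! gpg --batch --verify "$demo_home/msg.sig" "$demo_home/msg.txt" 2>/dev/null
}

# Stop the agent started for the throwaway key ring and delete the key ring.
demo_cleanup() {
    gpgconf --kill gpg-agent 2>/dev/null || true
    if [ -n "$demo_home" ]; then rm -rf "$demo_home"; fi
    unset GNUPGHOME
}
```

Call demo_setup, demo_roundtrip, demo_tamper_detected and demo_cleanup in that order; each of the two middle functions reports its result through its exit status.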

GPG allows you to encrypt and sign your data and communication, and features a versatile key management system as well as access modules for all kinds of public key directories. GPG is a command line tool with features for easy integration with other applications. A wealth of frontend applications and libraries are available.

Version 2 of GPG also provides support for S/MIME.

On a FreeBSD operating system, GPG can be installed from the ports collection.

cd /usr/ports/security/gnupg
make
make install

You are now ready to create, export, import and sign keys. The homepage of GPG has good documentation.

The quick and dirty guide to key administration and usage by a senior member of the FreeBSD forums is also recommended.


Support privacy and internet freedom

IT-Political Association of Denmark (IT-Pol) is an organization that advocates privacy, openness, and internet freedom.

IT-Pol engages politicians in dialogues on IT and gives presentations at conferences, schools etc. IT-Pol answers hearings and produces position papers and press statements.

IT-Pol made a strong speech about privacy at Open Source Days Community Day 2009.

We recommend that this association is supported by obtaining membership.
