Tuesday, December 18, 2007

the sad state of Linux email clients

I use the Thunderbird email client under Fedora at work. I've been searching for a different email client to use to retrieve my personal email since I prefer to keep those messages totally separate. After doing a bit of research, it looks like Evolution and Balsa are the two top email clients (aside from Thunderbird).

I didn't find either to my liking. Evolution (at least the latest version available from Fedora's package manager) was terribly unstable. It also had the worst address book of the 3 email clients. Its rendering of HTML messages was substandard at best. It doesn't display embedded images by default and didn't always display them when I selected the display images option.

Balsa wasn't much better. It was more stable than Evolution but it really didn't support HTML messages well at all. Retrieving messages frequently caused the sorting of messages in the Inbox to get confused, forcing me to select the Date heading to force a re-sort. The filtering feature was very disappointing. Adding filters made it activate procmail filtering which caused messages to get stuck in the command line mail utility.

I've settled for using Thunderbird for both work and personal email. Using one of the others just wasn't feasible.

Sunday, December 09, 2007

Good Books

I'm reading a couple excellent books at the moment which I thought I'd pass along.

During my commute, I'm listening to Spider Robinson's Callahan's Legacy. Whenever I read a new book by Spider or go back to re-read one of his older books, I'm always amazed at how good I feel while reading it and how I don't want the book to end. There are a handful of authors whose work makes me feel this way: Rudy Rucker, Robert Heinlein, Carl Hiaasen, Richard Feynman, and Richard Dawkins to name but a few.

At night I've started reading Theodore Sturgeon's The Nail and the Oracle: Volume XI: The Complete Stories of Theodore Sturgeon. I've been reading this complete collection of Sturgeon's works as they have been published which has been sorely trying my patience as I wait for each new volume. I was originally under the impression that there were to be 10 volumes in the series but a good friend recently mentioned that he had received volume 11 as a gift which caused me to order it as soon as I got home. When I started reading Sturgeon 30+ years ago, I was struck by the fact that his work really transcended the genres of SciFi or Fantasy and that it was sad his audience was probably much smaller than his talent deserved because of these labels. Reading Harlan Ellison's lengthy and touching foreword in this volume, I find I'm not alone in this feeling.

I highly recommend both books. If you haven't read anything by one or both authors, I envy you. You're in for a great read.

Wireless Keyboard Security Compromised

This post at the excellent HackADay web site discusses how the security of wireless keyboards has now been compromised. This makes it even easier for hackers to capture passwords and other information you type on your wireless keyboard. They don't need to risk physical access to install a hardware keyboard capture device or install software to perform the same function. They just need to set up a sniffer device in close enough proximity to capture your key strokes. Under ideal conditions, wireless devices can transmit far beyond their stated maximum range.

I personally use a wireless mouse, a wireless Apple Mighty Mouse which I love, but not a wireless keyboard. I see little benefit to getting rid of the wire on my keyboard since I don't need my keyboard to move so the wire never gets in the way.

Good luck to any hackers who want to derive meaningful information out of my mouse movements and clicks. Without knowing what's on the screen at any given moment, that information is next to useless. I know it's possible to spy on Van Eck radiation to read what's on a monitor from a distance but the equipment required to do so is either expensive or complicated to build. It's also a non-trivial problem to tie what's on the screen at that moment (an analog signal) with what's being typed. I'm quite satisfied that the barriers to my monitor and mouse emanations being compromised are sufficiently high to discourage all but the most determined hacker. Realistically, you can never make something 100% secure. All you can hope to do is to raise the barriers high enough to nudge them along to easier targets. Rest assured that there are many easier targets. I can see 2 completely unsecured WiFi networks from my house and I suspect this is constrained by the distance between houses more than anything.

NTFS Alternate Data Streams

Quite some time ago, Microsoft quietly added the ability to embed an alternate data stream in another file. This was ostensibly done to improve interoperability with other modern file systems such as Apple's HFS. The problem is that many of the command line and GUI utilities supplied with Windows don't support (or at least don't easily support) manipulation of these alternate data streams, making them an ideal place to store data undetectable by normal means.

This capability can be useful for OS features such as displaying thumbnail images when a user opens a folder containing image files. That way, the thumbnail image gets deleted when the user deletes the image file itself. The user is also not confused by the presence of a multitude of files which they don't remember creating.

The negative implications of alternate data streams are twofold. First, they can make it difficult to figure out what is occupying your disk space. Second, they make a convenient place for malware authors to hide their malicious software. They love this functionality, which has been embedded into the Windows operating system since NTFS was introduced, because it frees them from the need to resort to a rootkit to hide files. To Microsoft's credit, in Vista they've added switches to the venerable "dir" command to give it the ability to detect alternate data streams. Users of older versions of Windows will need to avail themselves of a utility such as Streams from the great team at SysInternals, now part of Microsoft.

For a good summary of the security implications of alternate data streams, see this write-up at Security Focus.
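The detection step described above, as an added example that is not part of the original post: a PowerShell function that lists every named stream below a directory together with its size, which covers both the disk-space and the hidden-file concern. It assumes Windows PowerShell 3.0 or later on an NTFS volume; the function name, the demo file and the stream name `hidden` are constructed for illustration.

```powershell
# Added example: enumerate named (alternate) data streams under a directory.
# Assumes Windows PowerShell 3.0+ and an NTFS volume. Files only; streams
# attached to directories are not covered here.
function Find-AlternateDataStream {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Zone.Identifier is the mark Windows attaches to downloaded files;
        # it is expected noise, so it is hidden unless explicitly requested.
        [switch] $IncludeZoneIdentifier
    )
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # -Stream * returns one object per stream, including the unnamed one.
            Get-Item -LiteralPath $_.FullName -Stream * -Force -ErrorAction SilentlyContinue
        } |
        Where-Object {
            # ':$DATA' is the ordinary file content; everything else is alternate.
            $_.Stream -ne ':$DATA' -and
            ($IncludeZoneIdentifier -or $_.Stream -ne 'Zone.Identifier')
        } |
        Select-Object FileName, Stream, Length
}

# Constructed sample: a small visible file carrying a larger named stream.
$demo = Join-Path $env:TEMP ("ads-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $demo | Out-Null
$file = Join-Path $demo 'notes.txt'
Set-Content -LiteralPath $file -Value 'visible text'
Set-Content -LiteralPath $file -Stream 'hidden' -Value ('x' * 4096)

# The size reported for the file counts only the unnamed stream.
"Reported file size: {0} bytes" -f (Get-Item -LiteralPath $file).Length

# The scan shows the named stream and the space it actually occupies.
Find-AlternateDataStream -Path $demo | Format-Table -AutoSize

# Remove the constructed sample.
Remove-Item -LiteralPath $demo -Recurse -Force
```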

PayPal Security Key


Since I do a lot of technical reading in my spare time, I find myself becoming more and more interested in computer security. One thing I'm particularly concerned about is the use of usernames and passwords alone for authentication on web sites which contain any of my financial information. A while back while listening to the always entertaining and informative Security Now! podcast, Steve Gibson (one of the hosts) mentioned that PayPal had started offering Security Keys for a nominal fee. These keys display a number which changes in an unpredictable pattern every 30 seconds and which can be used to tighten security on your PayPal and eBay accounts.

PayPal should be commended for offering this capability and at such an affordable price. Multifactor authentication is much safer than its single factor sibling.

Find out more about the PayPal Security Key here. If you have trouble accessing this link, go to PayPal's site, click the Security Center link at the top and click on the picture of the Security Key. This program is on a timed deployment so it may not yet be available outside the U.S.

Sunday, December 02, 2007

OpenID

A new post on the Blogger in Draft blog indicates that Blogger, the service this blog and many others depend upon, may soon support OpenID for identity verification for posting.

I've been following discussions about OpenID, including one on the excellent Security Now! podcast and have been anxious to give it a try. It appears Blogger may afford my first real opportunity so I've signed up for a free account at Verisign Labs' PIP web site. There are a number of other free OpenID providers. I chose Verisign primarily because of their long history. I'd hate to commit to a provider only to have it fold because they couldn't find a way to monetize the service.

You may want to sign up for an account so you can get a URL you can remember. The URLs associated with your OpenID identity must be unique so there's benefit to having one which has your favorite user name embedded.

Running IE on your Mac

There's a new method of running IE (Internet Explorer) on your Mac. Now you may ask yourself, why do I need IE on a Mac? It's only really useful for visiting those annoying web sites which refuse to display properly in Safari or Firefox for the Mac. Yes, you can also download a Firefox add-on called User Agent Switcher to lie about your browser user agent, but that won't emulate all the quirks associated with IE so some web pages may still not display properly.

The software to accomplish this magic is called ie4osx. Basically it runs the IE version of your choosing under Darwine (Darwin Windows Emulator) under X11 (a traditional Unix style graphical user interface environment). You need to install X11 (available from your OS X install disks or Apple's web site) and Darwine prior to installing ie4osx.

If you find yourself encountering the occasional web site which refuses to display correctly (or at all) under a Mac browser, this software may be useful for you. It runs pretty well though it's a bit quirky. I found myself having to double or triple click on links occasionally. I also had trouble getting back to the search term form on Google's search page. Still, these quirks are a small price to pay to be able to finally view web sites that were otherwise inaccessible or garbled.