Speak Secret dot Net

I received some positive feedback from my last post — enough that I’m willing to give it a try. So, check out the site http://speaksecret.net!

The site is written at an introductory level, and will focus on simple instructions to get encryption working in your favorite applications. There will also be articles on how encryption is seen from the popular media and Movies and TV, as well as some of the basic theory.

Recommend it to your friends!

The Lack of Encryptonomiconization of the Internet

I find it interesting which sorts of things get encrypted on the Internet.

Most people know to encrypt their Wi-Fi router, for example. That’s because there’s been lots of press about it, and many people like to tell stories about how they bum internet service from their neighbors.

A few people know the difference between a regular website and an SSL-encrypted web site. That little lock icon in your browser means that communication between you and the site is relatively secure. However, few people know what it actually means. I won’t go down the road (in this post, anyway) of the value of SSL certificates and whether they actually do the job they are supposed to.

And that’s about it. SSL and WiFi is the limit of what most people deal with encryption. I’m talking about personal use here, not business. Of course the average IT worker uses a terminal session called SSH which is quite secure, and most businesses have secure VPN’s in to their private networks, which are generally also secure. Like WiFi encryption, the what I find interesting there is that the businesses use this mainly for protection of their own internal networks. Their outside communications are generally via email or IM, just like most people’s private ones.

And yet there are plenty of free, and not terribly difficult ways you can encrypt your emails and IM’s, and even phone calls so that only you and the receiver can communicate. Yet, hardly anyone uses them. In fact, so few people were interested that PGP, one of the best methods for sending emails securely, completely failed as a commercial product even before they started charging for it. Luckily, there is a free GPL replacement, so that the solution is still generally available for anyone who wants to use it (I do).

What am I talking about here? Well, any message you send over the Internet can be read by just about anybody. Any Email. Any IM. Any Skype call. Any message board posting. Now, I’m not paranoid. I agree that statistically speaking, no one really cares about the chain letter of jokes I forwarded to my cousin last week. Right?

Well, maybe not. But what if I sent a bank account number to my wife, so she could check it? You can bet there are bad people on the internet who are on the lookout for such information. What if my friend asks me for my phone number and address so he can send me a party invitation. How do I know it was really him, and that I’m not sending my information to an impostor? What about the government? I mean, you don’t have to be paranoid to be worried when the FBI calls their email surveillance system CARNIVORE. For Cripe’s sake! They couldn’t call it “PEACE” or “LOVE” or something? CARNIVORE?! And before you think that we don’t need to worry about this sort of thing anymore, CARNIVORE was initiated by the Clinton administration, not Bush.

So, I’m thinking about creating a blog for encryption-related stuff. Encryption for the lay-person, as it were. I’m not saying everyone is out to get you, but people buy car insurance even though they don’t plan on ramming anything.

Would anyone out there find something like that useful? Like easy how-to’s to set up encryption in different mail and IM clients, layman-level articles about how encryption works, and why you’d want to use it? It’s a bit of work to set up a new web site (and write for it), so I’ll only do it if people want it. Leave comments here! (http://2robots.com/2009/01/23/encryptonomicon)

The submerged iPhone: 6 months later

Six months ago I took my iPhone into a hot tub with me. It wasn’t on purpose – I had it in my bathing suit pocket (because, where else would you carry it?).

I immediately realized my mistake, and rushed to dry it off. If you search the Internet, you’ll find that the beat thing to do next is stick your iPhone (or other soggy electronics) into a bag of white rice. Rice absorbs water better than almost anything else. It will quick the moisture right out of your phone.

After 24 hours, I took the iphone a out of the rice and guess what? It worked perfectly! Well, almost perfectly. The screen was a little psychadellic, but that cleared up after a few more days as the cu al bits of water dried up, and then it was good as new.

Or so I thought. While I had survived the immediate risk of frying my phone, the moisture ha done some long term damage to the circuit board inside: it had allowed rust to start to set in.

Fast forward to today. 6 months later, my phone started acting funny. It claimed I had an incompatible device plugged in. All of a sudden, the battery only lasted a few hours. The circuit board had rusted and begin to short out.

Unfortunately, the water indicator was still bright orange, so apple wouldn’t fix it for me (rightly so). There’s nothing for it now; my iPhone is in the twilight of it’s life, ends early with electronic alzhimer’s.