Please note that comment moderation is enabled; when you submit a comment it will not appear right away but only after being approved. [1]

Also note that the “Name:”, “Email:” and “Website:” fields are all optional.

(Don’t ask me why WordPress doesn’t make this clear on the form itself…)

You can also email me at digi.resist [at] gmail [dot] com 

Thanks for stopping by my blog.

I hope you will find some of the content or links interesting or useful.

I would post much more to this blog, if not for a number of constraints and impediments to doing so.

NOTES:

[1] I don’t know why WordPress doesn’t make this clear (as I’ve seen Blogspot do); I know how unnerving it can be to submit a post and then not even know if it actually went through or not. There should be both a clear notice that moderation is enabled near the box for submitting a comment and , after submitting a comment, a message along the lines of the following should appear:

“Thank you for submitting your comment. It will be received by the blog owner for review and will appear if and when approved.”

Regardless of anything else, always make sure that all of your essential data is properly backed-up: Keep at least two copies in two separate, secured locations. Three for anything truly irreplaceable that you can’t stand the thought of losing. External drives are generally the most practical media to use for backup. For a little more on back-up, see my post Backup Should Always Come First

1.) Use Strong Passwords

Protect all of your accounts with secure passwords.

It is also essential, for any hardware (such as a router) that comes with a default password, to change it to a secure one.

To be secure, a password should be at least eight characters in length and contain a mix of upper and lower case letters as well as numbers and special characters (& ! # _ – , etc.).

Never choose a dictionary word or something like an address, phone number or child’s name that is easily guessable or obtainable for a password.

2.) Keep Your OS and ALL of Your Programs Updated

It is essential to keep both your operating system (whether Windows, Mac, GNU/Linux or other) as well as all of the programs on your computer updated. Vulnerabilities are continually being discovered, exploited and patched. For more on this, see my post Keeping ALL of Your Programs Updated

3.) NAT Router- 1st Line of Defense Against Intrusion

4.) Precautions When Using Public WiFi

• Do not use public WiFi for anything sensitive without– at the very least– being absolutely certain that everything– the entire session and not just the login– is done over SSL encryption. (This means that the URL in the address bar of your browser must begin with httpS at all times) .*

Even with complete, end-to-end, SSL encryption, however, there still exists the risk of man-in-the-middle (MITM) attacks. These are where an attacker intercepts an SSL connection, using forged credentials that evade detection. This is not that easily pulled-off, however, and while I don’t know just how low the risk is, I am fairly certain that at least in most cases, it is relatively low. Nonetheless, and especially considering how many people are unlikely even to notice whether or not an entire session even occurs over SSL in the first places, it is best to wait until you are home or somewhere else with a secure connection before doing anything that involves the transfer of sensitive data.

• Be sure that any computer that you ever connect to any type of public WiFi with has an effective firewall.

This is necessary regardless of how otherwise careful you may be; merely connecting to any public or untrusted wireless network makes your computer vulnerable to any number of threats that only a firewall can protect against.

(*I know that this option can be enabled in Gmail:

Settings > General >Browser connection >Always use https

as well as WordPress: When logged-into your account, on the left-hand side of the page:

Users > Personal Settings > Browser Connection > check Always use HTTPS when visiting administration pages

There is also a Firefox add-on from the Electronic Frontier Foundation that will automatically redirect a number of sites to the SSL version where available.)

5.) Public Computers: DANGER!

Any publicly accessible computer, whether at an Internet café, library, hotel or anywhere else, must be assumed to have key-loggers and other traps that can capture your passwords and personal data. NEVER bank, shop or do anything else that involves the transfer of sensitive data on a public computer.

If you absolutely must access your email on a public computer, then enter your password using a method to foil keyloggers (see here) and then change your password as soon as you get to a secure computer.

6.) Securely Disposing of a Drive

Do not dispose of, give away or sell a computer without first removing or wiping the hard drive.

Merely deleting the data on a drive or even formatting the drive is not sufficient; unless properly encrypted, the data remains easily recoverable. The only ways to render the data on a drive unrecoverable are proper overwriting, also known as “secure deletion“, or physical destruction of the drive.

Note that merely overwriting individual files and folders or even all of the free space on a drive may not actually catch everything; some sensitive data could still remain. In order to be certain that no recoverable data remains, it is necessary to wipe the entire drive.

This can be done either via software utilities such as DBAN (Darik’s Boot and Nuke, a free and open source program that is used and recommended by Peter Gutmann). Another option is the ATA Secure Erase function that is built-into most hard drives manufactured since 2001.

Recent research finds that Flash and solid state drives (SSDs) pose a special challenge; See:

Flash drives dangerously hard to purge of sensitive data

NOTE: Do not attempt to destroy a drive without first taking appropriate safety precautions. Also note that drives, like all computer components, contain toxic materials and require proper recycling or disposal. Never place a computer or computer component into ordinary trash.

For physically destroying hard drives, Dr. Gutmann recommends a complete do-it-yourself kit called DiskStroyer that retails for around U.S. $30.00.

7.) Online Financial Transactions

Consider doing any banking, shopping or other sensitive transactions from a Linux live CD or a separate, dedicated computer to be kept and used exclusively for such purposes.

Either option should bypass most of the malware and other vulnerabilities that are commonly present on the average user’s computer.

Why do so many distros (most?) not include a dial-up GUI? (Even among those that are otherwise GUI-intensive and “newcomer/user- friendly”)

And why is it generally so difficult to even find-out whether or not a distro has a dial-up GUI in advance?

With one or two notable exceptions, I have found that even for those distros that do come with a dial-up GUI, any mention of it is hidden pretty deeply– if even present at all.

This is quite frustrating for anyone who would like to know such simple, basic information about a distro before going to the trouble and incurring the expense of ordering a disc or bothering a friend or relative who has broadband.

Yet, most of the release announcements that I have seen for various distros do make some mention of one or more broadband/wireless tools/features.

Couldn’t a brief line such as,
(GNOME or K or whichever) PPP for dial-up
simply be added to such announcements?

What about adding this to the spec lists at Distro Watch?

Or a centralized listing, somewhere, of distros that come with a dial-up GUI?

Although dial-up users may be a dwindling minority, more than a few of us do still exist.

(In addition to those in remote areas, there are also more than a few — even in major cities– who either remain with or even have gone back to dial-up, which in many areas of the U.S. at least, is still available for a fraction of the cost of broadband or even completely free)

Esp. for emptying the trash, where currently one has to click each individual message separately, which can be quite tedious and time-consuming.

This is one example of the greater functionality that Fastmail.fm provides in certain areas. (Though the lack of conversation threading and the far lesser storage space and bandwidth allowance are major areas in which Fastmail is inferior to your service. Also, far inferior spam and virus filtering on free accounts and perhaps even the lowest-priced ones as well)

2.) The Fastmail web interface also offers the option to DISPLAY all messages in PLAIN-TEXT only, something you should offer as well. (Interesting to note that in your Chrome browser, it was apparently only recently that you finally offered the option to disable JavaScript.)
__________________

As for Yahoo! mail, it has been several months now that I have been unable to see anything more than than a completely blank page when logging into my account.

Fortunately, I do not expect it to contain anything more than spam, since I never used it for anything. (I only created my Yahoo! account because it was required in order to be able to create a Flickr account.)

The obnoxious ads and news and all the other junk that you’re bombarded with upon each and every login to Yahoo!* is reason enough why I would only use it as an absolute last resort.

Thankfully, the Flickr user experience is far better.
*and bypasses this.

But these enticingly low retail price-tags are deceptive, hiding
the _real_ costs and implications –not just _economic_ but also
_social_ ,_environmental_ and, ultimately, _moral_– of these products
and their continually increasing proliferation.

What are the conditions and wages for the workers at all levels- from those who mine, refine and mold the raw products, all the way through to those who work in sales and tech support?

Is the remuneration of the workers commensurate with their labor?
With the integral role they play in the generation of the very profits that allow the executives they toil for to live in the opulence they do?

What about environmental impact?

The numerous types of pollution caused by the manufacture of these products in China and other countries that are notorious for weak environmental standards and lax enforcement of them is only the most obvious problem in this regard. Other serious issues include the increased power consumption (and concomitant pollution) that the greater availability of such computer products causes and problems posed by their disposal, such as the release of toxic components in landfills and incinerators. And this is all without even taking account what issues may be posed by the acquisition of the _raw materials_ that are required for various components of computer and electronic products.

There are any number of other costs that low prices often come at as well.

Skimming through news.google.com, as I often do to get a quick overview of what’s going on in the world, this New York Times review of a program scheduled to air this Sunday (tomorrow, Feb. 21) on PBS called Invasion of the Giant Pythons caught my attention:

http://www.nytimes.com/2010/02/20/arts/television/20pythons.html

Below are excerpts, with my comments interspersed and following.

The news that Burmese pythons are loose and breeding in the Everglades and other parts of Florida has been known for a few years, but this program makes clearer the extent of the problem and some of the consequences.

But it turns out that not all of the blame for the infestation lies with pet owners who have released their pythons into the wild. Some got there courtesy of hurricanes that wrecked exotic-pet warehouses. We are left to make our own judgment of people who import and keep pythons and other exotic animals. That judgment is likely to be: “Idiots.”

Not just — or even necessarily– ‘idiots’ but socially and environmentally irresponsible. They should be made to bear some portion of the numerous costs their reckless behavior imposes upon society.

The federal government has proposed banning the importation of pythons and some other snakes.

The only possibly legitimate argument that I can think of against such a ban would be the concern that it could backfire by creating an underground for such trade.

But isn’t there already an active, lucrative underground for the importation and trade of exotic animals (already illegal, in many cases)?

…………..

There have also been a number of reports of salmonella being spread from pet reptiles

Wild animals belong in the wild.

If people want pets, there are thousands (if not millions) of dogs and cats and more than a few rabbits, guinea pigs, hamsters, gerbils, ferrets, mice and rats just waiting to be adopted into good homes. There also birds and even barnyard animals available and in need of adoption.

Resources such as http://petfinder.com and http://pets911.com can help one to find just the pet they are looking for.

1.) Keep your Operating System Up-to-Date

Download and install critical updates and patches as soon as they become available.

-Microsoft releases security updates on the second Tuesday of each month. Set Automatic Updates in Windows to notify you.

- GNU/Linux and other operating systems also require regular updating. Keep alert for announcements.

2.) Keep ALL of Your PROGRAMS Up-to-Date- Not Only Antivirus/Antimalware

Surprising as it may seem, there are still people out there who don’t realize that in order to remain effective*, all  anti-virus/malware/spyware/adware software must be continually updated.

(Antivirus programs should update at least daily. The best ones, such as Kaspersky, update continuously throughout the day)

*Note, however, that no antimalware or other security product or program can ever protect you fully or serve as a substitute for prudent behavior and good practices on the part of the user.  The right programs can play an important role in keeping one’s system secure– sometimes even an essential one– but real security is an approach and a process- not a product.

The number of people who don’t realize how critical it is to also keep their web browser and email program updated is probably far greater.

(You should be able to set both to automatically update — or at least notify you when updates become available.)

When it comes to the risks of not keeping all of the programs installed on a computer up-to-date, I wouldn’t be surprised if it were actually a majority of people who are unaware.

Updating programs is essential because critical security vulnerabilities are continually being discovered and (often not as rapidly) patched in all kinds of programs.

Secunia regularly issues advisories concerning these vulnerabilities and offers two ways to scan your computer for them (both free-of-charge):

The Secunia Online Software Inspector (OSI) (requires no download or installation. See the  system requirements here ) and the Secunia Personal Software Inspector (PSI), aprogram that you download (under 1 MB) and install to your system.

You can read reviews of this utility here

(In contrast to the modular GNU/Linux model, Microsoft Windows has no built-in, centralized mechanism for keeping all of the installed programs updated.)

In general, the more widely-used a program is, the more vulnerable it is likely to be.

Of late, the Adobe PDF Reader that is installed in nearly all computers running any version of Microsoft Windows may have been at the top for the number of vulnerabilities discovered in a program.

You can not only lessen your risk but also enjoy much faster performance by switching to the much lighter Foxit Reader for viewing and editing PDF files. The basic version, with which you can view, annotate and print any PDF document is offered free-of-charge. It is also available as a Portable App at http://portableapps.com/apps/office/foxit_reader_portable

There are also alternatives available (most free-of-charge) for many other popular and widely-used programs. I hope to write more about this in a separate post at some point.

For now, let me just mention OpenOffice , the full-featured, free, open source office suite comparable to Microsoft Office.

Regardless of the operating system or programs you use, the hardware you run them on, whatever other precautions you take and anything else you may or may not do, it is absolutely essential to properly backup your data regularly.

There are a number of programs that allow one to easily set-up a regular backup routine that can be synchronized across multiple computers and media copies. (CD/DVD or external flash or hard drives)

Once you’ve done that, it  should take little time and effort to backup regularly and doing so can save you not only much time later but also financial loss and aggravation.

For essential data, the rule is to keep redundant copies in at least two separate, secured locations. For absolutely critical data, having redundant copies in at least three different locations, with the use of a fireproof safe in at least one of them, is advised.

Locations to consider for keeping copies of your data  can include your car, workplace, the home of a trusted friend or relative and a bank safe deposit box.

Obviously, the amount of effort and expense that is reasonable to spend on backing-up and securing data will depend upon its value and the consequences of losing it.

Have you ever spent considerable time and energy working on something, only to have it vanish forever due to a crash, dropped Internet connection or an accidental click or press of a key? I think most people have had this happen to them at some point or another.

To avoid such aggravation, I recommend continuously saving anything of any length while you are working on it.

When I find I’m working on something for any extended period of time, I try to make sure to save it to at least two different destinations at intervals. For example,  If I’m writing a document in a text-editor, I’ll alternate between saving it to my hard drive and saving it to an external USB flash or hard drive. If I’m composing an email in Gmail’s web interface, I will continually click on ‘Save Draft’ but if I really dread the thought of losing what I’ve written at any given point, I’ll periodically copy and paste back-and-forth and save to a text-editor as well.

This is especially relevant when writing a comment to post on a web site or feedback to send via a web-based contact form; if you accidentally navigate away from the page or if your browser crashes, whatever you had written vanishes into the ether never to be recovered.

(I had read somewhere that there is an option in Firefox to automatically save text entered into such web fields but I never followed-up on it.)