Schierer Space

Yes, this will be a how-to in installments. There’s far too much to try to cover in one abusively long blog post.

The purpose of this post is to familiarize you fine curious readers with the tools you’ll need to achieve the same relative state of email security that I have. Disclaimer: Although I think I’m generally fairly smart, I am NOT -nor do I pretend to be- any sort-of accredited data security expert. However, I did stay at a Holiday Inn Express at some point this year, and will therefore do my best to not lead you terribly astray.

These instructions are for Windows users, although, to be honest, doing this in Linux is probably not terribly different, since ALL of the tools I’m about to discuss are open-source and available without cash of any kind.

The list:

1. Thunderbird: An email client built on the Mozilla engine. I currently have 2.0.0.16, but I upgrade regularly.
2. GNU Privacy Guard (GnuPG or GPG) V1.4.9: An implementation of OpenPGP for encryption and other related stuff.^[1]
3. EnigMail (0.95.7): The plugin for Thunderbird that provides the graphical user interface that makes this oh so much easier.

A bit of detail… (more…)

1. This is actually the engine that does all of the encoding heavy lifting. [↩]

You may be wondering why I would spend my valuable time learning and configuring my system to send encrypted emails. My reasons, to be brief, are very much the same that Bill discussed some weeks ago. The most succinct reason is: “The same reason that most paper mail isn’t on postcards.”
Not that my adoption of encryption will change this, but does it occur to you that all of those bills and other documents that are being emailed to you are completely retrievable by anyone who cares to look?
“Sure,” you say, “but that person would have to be some kind of computer guru who has access to special tools, right?” Wrong.
At work we use a program called WireShark for analyzing network traffic, it’s open source software that anyone can download and use. Although being a computer guru might help, the software makes it surprisingly easy to make sense of the garbage flowing around on the intertubes. Anyone who can connect somewhere along the network path from you to your email server can intercept and read your email. Note: Many email servers allow for encryption in the transfer to/from your PC, I recommend that you turn this on if your server supports it. For instructions, read on!^[1]
For demonstration purposes, I setup one of my email accounts with no login or communication security (this is the default for most email programs!!). I sent myself an email from one email account to another , and by simply selecting the packets marked “POP” and telling WireShark to “follow the TCP stream”, I get a text chain that is so detailed, I dare not even post it here. Passwords, user names, server information, etc… all plain as day.
So even if I cannot persuade you to use encrypted email, you at least owe it to yourself to be connecting to your email server in a secure way. ^[2] These instructions are for Thunderbird 2.0.0.16 on WXP, your mileage may vary. (more…)

1. Edit: I hate it when I spell a tag wrong and my entire website suddenly converts to bold text! [↩]
2. Of course this won’t secure your messages themselves unless the recipients are also protecting their email server traffic! [↩]

You thought you were safe after that last post, didn’t you? Well it turns out that I didn’t quite have the details correct. You can read for yourself in the governing IETF document RFC 4880: The OpenPGP Message Format. ^[1]
It seems that the whole public-private key thing is only PART of the magic which makes encrypted email possible. The details came out when I looked into how messages intended for multiple recipients are encrypted. It turns out it’s pretty simple, and fairly elegant (as you might expect from the kind of gurus that hang out in the IETF) and can be simplified as being what I described before pretty accurately.
So here’s how it really works: (more…)

1. It’s ok, I read it so you don’t have to! [↩]

Thanks to Bill for finally pushing me over the edge to secure email communications, I have transitioned to the use of Enigmail/GnuPG for signing and encrypting email. Of course, I must now struggle with the inevitable incompatibilities of the email viewers of the rest of the world. This includes my workplace, my friends’ workplaces, my family (both tech savvy and not so savvy), etc.
For those of you who understand the OpenPGP technology (and encryption in general), this rest of this post will be review, but for those who don’t, it will be needed to provide backround for future posts. Thanks to Phil for familiarizing me with the “PAIN” acronym for security:

• Privacy: Only the intended recipient can view the information.
• Authentication: The information came from the person you think it did.
• Integrity: The information has not been tampered with.
• Non-Repudiation: The sender cannot deny the message was from them.

OpenPGP uses a public-private key encryption system. You can read a lot about this on the web, but I’ll trouble you with a summary. I generate a key-pair which is associated with ME. There is a private key which I keep and never share with anyone, and a public key which I can give to whomever I wish. The encryption system is rather mathematically interesting because it allows anyone with the PUBLIC key to encrypt a message that only the PRIVATE key can unlock. What’s especially funky about this is it allows the unwary sender to encrypt a message that they themselves CANNOT read. ^[1] So if you want to send me an encrypted message you have to have my public key. Click on the link to download it (then contact me to validate the fingerprint if you wish). This is the Privacy part.
Authentication, Integrity and Non-repudiation is achieved by a process called signing a message. The sender generates a ’signature’ which is based on the sender’s PRIVATE key (yes, they need a key-pair too) and the content of the message (or attachments). The receiver, can validate the signature by combining the sender’s PUBLIC key and the content of the message. Having received a message with a signature from the sender, the receiver knows that the message WAS in fact sent by the sender and has not been altered in between. Think of the signature as an encrypted check-sum. Of course, if the private key is compromised, then all bets are off. So the private key is generally password protected. If you want more information, the Wikipedia article on public-key cryptography is quite good.

Whew! You made it through the technical stuff and you’re still reading! I’ve decided to be kind and cut off this post and save some material for a later day. Look for future posts about the impacts and how-to of encrypted email (unless Bill beats me to it).

1. There’s a setting in Enigmail to prevent this by adding yourself to the recipient list, so the message is also encrypted with your own public key. [↩]

“There are two kinds of computer users in the world, those that have regular backups and those who are about to.” - I’m pretty sure I didn’t make this up, but I can’t figure out where I saw it.

Thanks to John for reminding me that I had put this chunk of how-to advice together a year or so ago. This is excellent blog fodder in the vein of “giving something back to the community”.

I do regular automatic backups, and I keep a copy of my backup off site. This is my backup method. It is the result of personal experience, long philosophical discussions with tech-savvy friends (Hi Eric!) and some just plain laziness^[1].

This is long, but reads quickly, so here we go… (more…)

1. I like to say that necessity is not the mother of invention, laziness is. I’m sure I heard that somewhere too but Google was unable to find a suitable attribution for me. [↩]

So after all of that, if you actually want me to narrow it down to a few choices, I give you the following. Again, I’m only selecting from the Canon line because I simply don’t have enough experience with the competitors.

Unless you have some particular need to get an ultra-miniature, I pretty much don’t recommend them.

“Normal” point and shoot digital cameras
K’s folks have the A400, which is an earlier model of the A460. When I asked about how they liked their camera, K’s Dad was pretty positive. Enjoying many of those features that make digital cameras so easy to own and operate. If you’re not worried about taking masterpiece images, and you want a portable camera that can fit in a large pocket, I recommend the A460 ($120*). If you want a bit more control, higher resolution and a bit larger light gathering ability, consider the A630, a later model A600 series camera ($235). The newer models (A640 and A650) are so expensive, that you would be better off considering the next line up, the S series.

Canon recently came out with the S5 IS ($350) to replace the very popular S3 IS ($270). IS refers to “Image Stabilization”, a feature which removes camera shake to allow shooting with slower shutter speeds. These cameras sport 12x optical zooms, which will really get you up close and personal. This is the class I would recommend for most users who aren’t afraid of a $300 price tag. These cameras pay for their zoom lens with a bit more weight and bit more bulk, but they are great performers. I had an opportunity to try out an earlier S-series (I think it was the S2) and it felt like a ‘real’ camera. These cameras can be battery hogs, so I always recommend buying some rechargeable NiMH AA batteries as your first accessory. If I were buying in this class today, well, I’d probably recommend the S5. It’s a higher resolution camera (which may actually push a bit beyond the limits of the optics) and has a bigger LCD, which drains the batteries a bit harder. Both take 4-AA batteries. They also use an electronic viewfinder (a mini-LCD behind the eyepiece lens), which you should try out to see if you like it. The S5 also has a flash shoe for a large external flash. Anyhow, only you can decide whether the extra $80 is worth it to you.

If you’re serious about your photography, or you already have a Canon EOS film camera, consider a digital SLR. The digital Rebel Xt (2005 model) body is a steal at $430 if you already own a lens to put on it. You can buy the 2006 model, the Rebel XTi, for $150 more at $585. You get a 10 Mp sensor instead of 8 Mp, a 25% bigger LCD, more focus points and various other features. If cost is not a primary concern, the next line of SLRs is the 30D (2005) for just under $1k and the brand new 40D (2007) at $1.3k. Ok, so you’ve got be committed to pay prices like that, and I pretty much would never recommend these to somebody who’s asking. If you have to ask, you probably ought not pay $1k for a camera body.

So what’s my overall recommendation? This is so tough. If you just want to grab some shots, drop $110 for the A460. If you don’t mind spending a bit more, but don’t have an SLR now, go for the S5 at $350. If you have a Canon EOS film camera, you’re comfortable with it, and don’t mind carrying it around, you’ll probably be quite happy with the Rebel Xt for $430. I’m not sure that I can justify the extra 50% for the XTi body.

Good luck!

As I warned you, my discussion has been very Canon camera centric. I’m a fan of Canon’s products, even if I tend to think that they cost too much. In some sense you do get what you pay for, but Nikon and other brands make great equipment also.
So why the topic of Loyalty? For me it is a practical matter. When we were looking to upgrade from our Canon G2, a Canon SLR was an obvious choice. Not so much because the 20D was vastly superior to the equivalent Nikon model (they were pretty comparable), but because we already knew the Canon interface. The icons were the same, the dial placement was similar, and the nomenclature in the manual was similar.
Don’t underestimate the power of habit. Sure, anything that can be learned can be un-learned, but do you want to spend the time learning a completely new camera interface when you could be out shooting? How many priceless moments will you miss because you’re trying to remember how to turn the flash on?
For the G2 to the 20D, there were also practical considerations: they used the same digital media (CompactFlash) and the same battery (a Canon custom rechargeable). This was a major plus, because it allowed us to carry some accessories forward to the new camera. Generally, you won’t be that lucky, but it might be worth shopping around for.
If you already own an SLR, consider a model by the same manufacturer. You may be able to use the lenses you already have on a digital model. This can be a huge cost savings for the startup with a digital SLR.
On the other hand, if you’re looking at the lower end of the price range, look for a bargain. The difference in capability between a $100 Canon model and a no-name brand is probably incremental. You may not get a manual that was written in English as a first language, but then that plagues the name-brand manuals from time to time. Also consider what your friends and family have… if they have a similar model/brand to yours they will be able to provide greater assistance than if the brands are different*.
Obviously, the company won’t be paying you for your loyalty, so it’s purely a personal convenience issue.

Final article on this thread upcoming.

I can certainly testify that the difference between my good photos and my great photos are the adjustments I’ve made in not quite doing things the way the automatic settings would have. Maybe it’s a subtle change in depth of field, maybe it’s a full manual setup. Don’t get me wrong: automatic exposure and focus are remarkably good in the vast majority of cases. You may be the kind of person who just doesn’t want to be bothered by all of the controls… you just want to point, shoot and be done with it. Hopefully this section will help you decide whether any of the buttons and dials are worth having.
Remember that most all cameras will do these things for you automatically if you choose the correct setting, so this section is more about what your capabilities will be if you choose to deviate from “full auto”.

Details below (more…)

A camera doesn’t really make any sense unless you plan to do something with the images. Depending on whether you plan to show them on a website or print out poster size color glossys will have some impact on what the camera needs to have and what short-falls you can get away with. Of course your choice of printer (or online print house) also comes into play… but that’s another post.

Here’s a summary table for those of you in a hurry:

Want some details? Read on MacDuff! (more…)

Before we talk about image quality, we need to talk a bit about resolution. Resolution in the general sense is the number of digital samples per unit. In imaging, the dimensions of an image are often defined by the number of individual picture elements (pixels) that are arranged in a 2-D array to form your image. Marketing a camera by the number of “megapixels” in the image is common, but don’t be mislead. More doesn’t necessarily mean better image quality. The number of megapixels (Mp) is calculated by multiplying the height and width of the image (in pixels) and dividing by one million* (10⁶). Each pixel is represented by a series of values for red, green and blue (or various other models) that identifies what color it should be. Cameras are sometimes identified as having a particular color depth, or number of values each pixel can represent for red, blue and green.
When printing, resolution is used to describe the density at which the image pixels are printed on the output medium (e.g. paper). PPI (pixels per inch) and/or DPI (dots per inch) are used to represent pixel density. A typical computer monitor has a resolution of about 100 PPI. A photo printer will have an output resolution of 600 DPI or more (modern photo printers advertise numbers in excess of 1200 DPI). Obviously, the more pixels crammed into a single inch of printing, the more faithfully the colors and textures of the image will be represented.
The second general topic is: always shoot in maximum resolution. I make rare exceptions to this rule for documentary shots (e.g. capturing a sign, or grabbing a listing out of a phone book**). Storage media (flash for the camera or hard disks on your PC) is so cheap compared to your camera purchase and it lasts essentially forever (you will wear out the mechanical parts in your camera long before the flash memory fails). Figure out how many pictures you’ve ever taken in a day, triple it and make sure your memory card is twice that big at full resolution. Buy a big card (or two they’re lighter and easier to carry than film!). You’ll thank me.