Protecting Your Data with SSH – Background (Part 1)

Whether you are on an open wireless network at a coffee shop, an untrusted network, or virtually any open network, your data is exposed. Data passed around on a network is normally unencrypted, which means anyone can read it. Imagine the type of data you send over the network: passwords, private messages, more passwords! Have you ever used FTP to update your site? Every time you do, your password is sent in plain text. What about checking your POP email? Again, your password is sent in plain text!
At SuperHappyDevHouse we have many people on the same unencrypted wireless network. At SHDH13 someone was passively sniffing the network; this person posted a list of collected email addresses/passwords on the SHDH wiki. The post was quickly taken down and the people were immediately notified. This was a wake-up call for people using unencrypted networks. How can we prevent this from happening again? The solution to this problem is obvious: encrypt! The question is how can we easily do this?

First let’s get some background on something called public key encryption (PKE). PKE consists of two parts: the public key and the private key. The public key can be used by anyone; its function is to encrypt data that is meant for your eyes only. The private key, on the other hand, should be protected, as it decrypts any messages encrypted with your public key. So let’s say Person A, Alice, wants to send a message to Person B, Bob. Alice doesn’t want a third party, Eve, to read the message, so she wants it encrypted. For simplicity’s sake, let’s pretend Alice and Bob have already established trust and have each other’s public keys (otherwise we are still open to man-in-the-middle attacks). Alice will encrypt her message with Bob’s public key and then send it. When Bob receives it he will decrypt it with his private key; his response will be encrypted with Alice’s public key and Alice will decrypt it with her private key. That’s the gist of PKE; we could go more in depth and look at digital signatures, but that would be beyond the scope of this article.
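The Alice/Bob exchange described above, as an added example that is not part of the original post. It uses toy textbook RSA in plain Python to show which key does what; the fixed primes, messages and function names are constructed for illustration, and the scheme (no padding, well-known primes) is not secure for real use.

```python
# Toy textbook RSA to illustrate the Alice/Bob exchange. NOT secure:
# fixed, well-known primes and no padding. Real systems use a vetted library.
from math import gcd

E = 65537  # commonly used public exponent

def make_keypair(p, q):
    """Return (public, private) keys, each an (exponent, modulus) tuple."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(E, phi) == 1
    d = pow(E, -1, phi)  # private exponent: inverse of E mod phi (Python 3.8+)
    return (E, n), (d, n)

def encrypt(message, public_key):
    """Encrypt bytes with the recipient's public key."""
    e, n = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)

def decrypt(ciphertext, key):
    """Apply a key to a ciphertext; only the private key recovers the message."""
    exponent, n = key
    m = pow(ciphertext, exponent, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

# Constructed demo keys built from known Mersenne primes.
ALICE_PUB, ALICE_PRIV = make_keypair(2**61 - 1, 2**127 - 1)
BOB_PUB, BOB_PRIV = make_keypair(2**89 - 1, 2**107 - 1)

def exchange():
    to_bob = encrypt(b"meet at noon", BOB_PUB)        # Alice uses Bob's public key
    bob_reads = decrypt(to_bob, BOB_PRIV)             # Bob uses his private key
    to_alice = encrypt(b"see you there", ALICE_PUB)   # Bob replies with Alice's public key
    alice_reads = decrypt(to_alice, ALICE_PRIV)       # Alice uses her private key
    eve_reads = decrypt(to_bob, BOB_PUB)              # Eve holds only public keys
    return bob_reads, alice_reads, eve_reads

if __name__ == "__main__":
    print(exchange())
```

Eve sees the ciphertext and both public keys, yet applying a public key to the ciphertext yields unrelated bytes rather than the message.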

So now that we have some background on PKE, let’s talk about SSH. SSH, or Secure SHell, is meant to replace insecure protocols such as Telnet, FTP, and RCP (with SSH, SFTP, and SCP respectively). SSH uses PKE to encrypt the data it sends over the network. A problem we can see is that SSH seems to be limited in its scope. What about POP3 email or regular HTTP traffic? How do we encrypt that? With SSH we can set up a proxy server that will allow us to send our data through an encrypted “tunnel.” In the next part of this series, we will look at setting up these tunnels and configuring our applications to use them.

A new way to sort RSS feeds

I doubt this is new, but I just thought of it just now, so it’s new to me! I’m taking advantage of the Google Reader feature to group my RSS/Atom feeds by tagging them. This concept in itself isn’t new, but what I thought of was to take the feeds of certain tags from other sites and group them in Google Reader by their respective tag. For example, say I want to see what’s new in the world of Microformats. I can subscribe to the microformat ma.gnolia group, subscribe to the microformat search feed in technorati, and subscribe to bookmarks tagged with microformats in del.icio.us. All of these can be tagged and put under the microformat group in Google Reader and named by their respective web site for easy viewing.

Practical Usage of Microformats

My last post was not only an announcement of Taxi Driver playing at The Fremont here in SLO, but also an experiment. I generated the HTML for my post with the hCalendar Microformat creator. Once I created my post and viewed it, a Greasemonkey script kicked in and I was able to automatically add it to my gCal. Although many popular browsers don’t have built-in support for Microformats, there are scripts and plugins to give added functionality for streamlining tasks.

Organization with Web 2.0

If you’re anything like me, then you’re moving from computer to computer. Syncing data between all of these workstations can make your workflow both inefficient and unorganized. There are also cross-platform issues, and the different data formats between applications. This article will demonstrate how to overcome these problems with the use of web 2.0 applications in regards to bookmarks, RSS readers, office applications, email, and more.

  • Bookmarks: When I’m at my various workstations I usually bookmark websites that are of interest to me. This concept is not new, but what happens when I need to access a bookmark from another computer? I could always sync the bookmarks manually or possibly write a script to do it. Instead, the usage of an online bookmarking site such as del.icio.us or ma.gnolia solves this issue. These services allow for access to your bookmarks from anywhere you have an internet connection. I personally use del.icio.us (although I will be looking into ma.gnolia soon), so I will use it as my example. With del.icio.us you either install a plug-in for Firefox or put two buttons on your Bookmarks Toolbar: one for viewing your bookmarks, and the other for bookmarking the site you’re on. It’s a very simple process that has led to a large list of bookmarks that I still need to check out.
  • RSS Reader: RSS is one of my favorite web 2.0 technologies that I use on a daily basis. First I used Vienna to manage my feeds, but I found myself having to export my list so I could sync it on my other computers. This obviously had its shortcomings. Then at SHDH 13 I was introduced to the wonder that is Google Reader. Google Reader is an online RSS feed reader. Besides being cross-platform and accessible everywhere I go, the greatest feature isn’t even in the program itself. Like a lot of people, I use Firefox. One of my favorite new features in Firefox 2.0 is how you can click on the RSS feed symbol when visiting a web site and add the feed to your online reader of choice. This makes it just as simple as bookmarking a website with the del.icio.us buttons.
  • Office Applications: We have all used a word processor or a spreadsheet program; Microsoft Word and Excel being the more popular of the two. Google has created (or bought-out) their own version of these programs for online use: Google Docs & Spreadsheets. Sure there are desktop freeware alternatives, but by using online applications you don’t have to worry about any time consuming installations or running updates. Another feature worth noting is how it saves the documents you are working on in a central location. Just today I was talking to a co-worker about how he was able to work on a school assignment on his home computer (running Ubuntu Linux) and continue with his assignment during his lunch break with his work computer (running Mac OS X).
  • Mail/Calendar: You should start to see a trend by now, so it should be obvious what my recommended online email application of choice would be: Gmail/GCalendar of course! Back when I was using Windows as my primary workstation, I used Outlook for my mail and calendar needs. I often found myself needing to access mail or contact information from a remote location to look up information. Instead I had to wait till I got home to look through my archived mail or contact list. When I made the switch to Mac, Entourage (the Outlook clone) seemed like the natural choice since I was never a big fan of Mail.app. The process of exporting my data from one OS to another AND from one data format to another was much more difficult than it should have been. This is when I made my official move from a desktop email client to an online email client. I currently use Gmail as my primary email client and haven’t looked back. Google Notifier will let me know immediately when I get a new email or if there is an upcoming calendar event. This makes the entire Gmail suite feel like a desktop application.
  • To-do list: We all use stickies or scattered text documents for our to-do lists. Using a site like voo2do lets us store all of those stickies or text documents in 1 central location. It’s great for jotting down random ideas wherever you are. I also heard about using Google Calendar as a to-do list. This may seem like more of a logical choice by allowing me to consolidate my services to 1 provider and add native features.

I hope this has demonstrated the benefits of using web 2.0 applications in the place of standard desktop applications. There are many alternatives to the programs listed above, so if you don’t like my recommendations, go out and find something that suits your needs. There are some downfalls of using these applications, such as when you don’t have an internet connection, but I feel the benefits far exceed the downfalls. Remember that the above posted solutions are free, usable on any platform and you don’t have to back up your data (especially handy when you format and need to reinstall applications).