The Arizona Rifleman

Google evidently has two separate account namespaces:

• Google Accounts
• Google Apps account

Google Accounts can be, but are not necessarily, a Google Mail/Gmail account. One can have a Google Account without having a Gmail account (e.g. user@example.com) and can use such an account for accessing services like Google Reader, Google Docs, etc. I created such an account years ago for my personal email address.

Google Apps accounts are accounts associated with Google Apps, which are separate from regular Google Accounts. Google Apps provides email service for my personal domain.

Unfortunately, this means that both my Google Account and Google Apps account had the same username, which lead to considerable confusion.

I’m just now trying to get this all straightened out by only using Google Apps for email and XMPP chat and migrating all my other services (like Google Reader, Google Voice, etc.) to a single Google Account. This is exceedingly frustrating.

Sebastian’s treatise on the drawbacks of telephones struck a nerve with me; I too tend to be rather taciturn, and so prefer communications by email or IM (mostly email, as I like the fact that an immediate response is often not required, so one can think out one’s response a bit more).

However, when I do need to use the telephone, I prefer that it doesn’t suck. Cellphones are mediocre at best, what with the extensive voice compression and signal processing they utilize. Yes, they can be incredibly convenient¹, but the lower quality is a big tradeoff.

Fortunately, my work happens to have really nice Cisco IP phones that have outstanding call quality. It’s rather nice to be able to speak to someone and be mutually intelligible.

I’m neither an audiophile nor a luddite, but it rather annoys me to have audible communications go from “so clear you can hear a pin drop” to “can you hear me now?”² in just a few years. If it’s possible to have high-definition TV broadcast over the air, radio signals beamed in from space, and high-quality movies streamed over the internet, is it too much to ask that cellphone provide a similar level of quality as landline phones?

I’d love to get a landline phone at home, but landline phones plans are absurdly over-priced. They still charge for long-distance service? What the hell? I can use Skype/Google Talk/SIP to call India and have a crystal-clear audio and video chat all day at no cost³, yet wireline phones charge per-minute rates to call Phoenix from Tucson? Local phone service from Qwest is about $13/month, with no features (e.g. no caller-ID, no voicemail, etc.), but with the absurd amount of taxes and fees they tack on, it ends up being closer to $30/month. Completely not worth it. I wonder if the phone companies ever consider why they’re losing business to mobile devices?

1. Though I must say it was quite a relief to be without cellphones for a few weeks whilst on my honeymoon. [↩]
2. Yes, I know they’re marketing slogans and I’m taking the latter out of context. Deal with it. [↩]
3. Or use a VoIP phone for mere pennies a minute. [↩]

My personal, non-blog-related domain has used Google Apps for email for years. In essence, one gets all the benefits of Google Mail (excellent spam filtering, IMAP/POP/SMTP, huge amount of storage, reliable infrastructure, etc.), but for one’s own domain. Very handy.

One of the advantages of having one’s own domain is that one is not bound to a specific email provider; one can change the back-end provider relatively easily and with essentially no disruption. Over the last 11 years, my personal domain has had probably half a dozen providers handling email, with Google Apps providing service for about the last four years.

While I’ve been quite satisfied with Google Apps¹, I always like to check out alternatives at intervals, much like I do with car insurance.

Fortunately, Google makes moving away from their services extremely easy: it’s trivial to move mail to the new server by IMAP, and a few simple changes to my DNS records now direct mail to the new server. Everything was done with about 5 minutes of work.

There’s two quirks with moving away from Google Mail, though.

The first is that Google Mail is primarily web-based, and offers IMAP/POP service as a feature, while the new service is primarily IMAP/POP with webmail as a feature, and so their webmail is pretty basic.

The second is that Google has excellent spam filtering, mostly based on the input of its brazillions of users marking messages as spam or not spam. The filtering takes place on the server side, which keeps spam levels in one’s inbox to a minimum regardless of whether one uses webmail or IMAP/POP. Marking messages as spam or not spam is trivial and totally in-band (click a button on the webmail interface, move the message to an IMAP folder if using a client).

The new provider offers some server-side filtering, but it’s nowhere near as good as Google’s, and using the server-side filtering requires identifying spam or non-spam via out-of-bound methods (clicking a link in the email, which opens a browser window) which is a bit tedious. I can do better filtering on the client side, but that means that accessing my email with the webmail interface (which doesn’t have the filtering ability of my mail client) results in a massive amount of spam polluting the folder.

Slightly frustrating, to say the least.

I’ll give this other provider a few more days to see if their spam filtering can adapt to deal with the onslaught, but for my purposes (mostly webmail, with occasional IMAP use), Google Apps’ service appears to be better. However, in the event that Google turns to the dark side, it’s good to know there’s options.

1. Although there are a few quirks when using IMAP due to the fact that Gmail uses “labels” instead of “folders”, they’re minor and easily adapted to. [↩]

The Saudi and UAE governments are thinking of banning certain services on BlackBerry phones, as theyare encrypted and communicate to foreign systems.

Joe reminds us that while encrypted communications can be used for nefarious purposes, they can also be used for good. Phil Zimmermann, inventor of the common encryption software PGP feels the same way.

Indeed, they are used for good far more than for evil, and their use is almost ubiquitous: essentially any site that deals with personal or financial information is SSL-encrypted. Gmail uses SSL by default, and now even Google Search is available over SSL. Most instant-messaging clients use SSL between the client and server, and Skype uses transparent, end-to-end encryption for all voice, video, and chat messages, as well as file transfers.

In a way, crypto is not unlike firearms¹ : it can be used by bad guys plotting dastardly deeds, but its benefits to society are considerably greater than its drawbacks.

In fact, I consider strong crypto to go hand-in-hand with free speech: being able to speak privately (and, on a related note, anonymously) is one of the strongest foundations of liberty. I hold this believe so strongly that I regularly use and encourage others to use strong crypto in their everyday lives. For those wishing to contact me securely, my PGP key is available here. One can also send me an S/MIME-signed message and I will reply with a signed+encrypted message.

1. Even the government considers certain cryptosystems to be munitions, and restricts their export, although the restrictions have been considerably lessened in my lifetime. [↩]

Last night I had the pleasure of having dinner with several members of the local free unix group. While the conversation was interesting, stimulating, and extraordinarily geeky, a particular exchange struck a chord with me.

We were discussing opportunistic encryption and how, despite its shortcomings, it’s still better than nothing¹. Several of us lamented that implementing strong security is often hard, and usually beyond the abilities of most average users. Thus, having opportunistic encryption on the server end (e.g. having webmail, IMAP, POP, SMTP, etc. connections use SSL by default) can often add security to an otherwise insecure connection without needing any action on the user’s part.

One of the other folks at the meeting mentioned that if we had a completely open, transparent society, then we wouldn’t need to worry about such security, as there’d be no secrets to protect.

An interesting concept, to be sure, but not one I can really see taking off; people have too many secrets.

Perhaps it’s not secrets on the scale of nuclear weapon schematics, orders of battle, or other secrets of that magnitude, but most people have information that they either wish to keep to themselves or share with a limited number of people without that information being known to the general public: medical records, business plans, love letters, financial information, etc. Most people have a reasonable belief and expectation that their phone calls and emails are private, even though such communications are almost always insecure. This, I think, needs to change — private citizens need more control over their personal information, particularly when their information is stored and transmitted by third parties.

Take, for example, Facebook: people post an enormous amount of personal information to Facebook on a daily basis, and feel comfortable doing this because Facebook allows various degrees of control over who can access that information². Whether or not they should feel comfortable posting personal information online is an entirely different matter, but users do have some degree of control over their information and they can choose to not post their information in the first place.

On the other hand, look at ChoicePoint. They gather information from a huge variety of services, collect it, and sell it. The amount of data they store is staggering. There’s a lot of issues with ChoicePoint which, to me, relate to control of information: private citizens are not ChoicePoint’s customers, and have no leverage or ability to change the information collected or stored by the company. Once the company has the information, they’re unlikely to let it go.

As a personal example, I recently moved from Tucson to another city in Arizona to live with my wife. I filled out the change-of-address form with the USPS. She filled out the forms with various government agencies to change her last name after the wedding. Suddenly, we’re bombarded with mail saying, in general, “Welcome to the neighborhood, [last_name] family! Here’s [various_commercial_offers] for new residents!” She’s lived at that address for years. We don’t want this crap, nor did we sign up for it, yet our names and addresses have become public record by the simple act of changing my address and her changing her last name. At the very least, there should be a means of preemptively opting-out from the disclosure of this information to entities outside the post office and government. Same thing with voting records — evidently voter registration information is public, including one’s name, address, and telephone number (I’m not sure about political affiliation, but I wouldn’t be surprised if it were public.). Every election cycle, we get bombarded with political mailings and phone calls, with no means of opting-out from them.

My wife and I have no problem with certain information being used for legitimate purposes. For example, the post office needs to know my new address so they can forward mail. This is fine. The Social Security Administration and Motor Vehicles Department need to know that my wife changed her last name. That’s also fine. We even understand that credit and insurance companies need to have some means of evaluating how much of a risk a potential customer might be, and that some information must be shared (( Though it’d be nice if information-sharing was prohibited by default, and that one would need to authorize an individual company before they’d have access to the information. Of course, a creditor would rightly refuse to offer credit to someone unless the individual authorized that company, but right now that data is basically free-for-all.). But we do have major problems with a lack of control over personal information.

In short, the default state for information relating to private citizens should be “private”, and individuals should have the ability to control the distribution of their personal information. Basically, it’d be nice to have Fourth Amendment-type protections against corporations, as well as government. Cryptography only goes so far, but it can help.

Public companies and governments, on the other hand, are a completely different matter. With certain limitations (trade secrets, legitimate national security interests, etc.), I think that information should be open and transparent to the public, particularly when an organization interacts with private citizens or their personal information.

1. For example, STARTTLS for SMTP offers no protection from a man-in-the-middle attack, as certificates are not checked against a list of trusted authorities. However, this is no different than if the message was sent over an unencrypted link, but STARTTLS offers protection against passive wiretapping. [↩]
2. Of course, that information can always be re-published by users who are authorized to see it, or through security breaches and other nefarious methods. [↩]

In 1993, I was but a young lad of 11. At the time, my parents purchased a PowerBook 165c, the first color Mac laptop. It had a whopping 33MHz processor, 4MB of RAM, an 80MB hard disk, and a 8.9″ 8-bit 640 x 400 color passive matrix display that could display 256 colors. It weighed about 7 pounds. According to LowEndMac, it cost about $3,400. Ouch.

Today, I was looking at a new netbook made by System76, a small, independent company that sells hardware with Ubuntu Linux pre-installed. This computer has a HyperThreaded 1.66GHz processor (50x faster than the PowerBook if you only count one thread, 100x if you count both threads), 2GB of RAM (500x as much), a 250GB hard disk (3125x as large), and a 1024 x 600 LED-backlit screen that can display millions of colors. It weighs 2 pounds, and costs $389. It’s also physically smaller, has a battery that lasts about 4x as long, and has a stupidly fast wireless card.

All that in 17 years.

Firearms, however, have been around for quite a bit longer than 17 years, yet modern firearms are essentially the same as they were fifty years ago.

Where’s my Star Wars-esque blaster gun? Get crackin’, guys…

If there’s anyone who reads my blog and is in the following areas over the next few weeks:

• Boston, MA
• Rome, Italy
• Sicily, Italy
• Athens, Greece
• Kusadasi/Ephesus, Turkey

and wants to get together for lunch and PGP key signing, I’d be happy to meet up. I can also do CAcert assurance, if people are interested. Let me know by email.

Anyone in the Phoenix/Tucson area want to get together for lunch and a PGP keysigning party? It’s been a while since I’ve participated in one, and it’d be fun to do one.

Evidently my USB flash drive walked away from me the other day. It was a nice one too: 8GB, 35MB/sec reads, rubberized, waterproof, and durable. I think someone at work snuck off with it, but the camera footage from the weekend had timed out by the time I inquired.

Oh well.

Until the latest version of Ubuntu Linux comes out.

I’m already using the release candidate on both my desktop and laptop and everything seems to be going well. The betas were, as expected, buggy, but the RC seems to do well. There’s usually a dozen or so updates released daily, but that’s hardly a problem, and normal for pre-release versions as they iron out the kinks.

First impressions:

• New default theme sucks. It’s like they took all the good parts of Mac OS X’s interface and make them worse. Horrible black-and-purple theme. I immediately switched back to the blue-tinted Human theme that’s served me well for some time. Honestly, I don’t know why they’d do this — most of the people who’d switch to Ubuntu come from a Windows background, so having the Mac-style, top-left location for close/min/max buttons makes little sense.
• The one major bug that’s been stopping me from using Ubuntu as my primary system for a few years has been resolved. When using the distro-supplied version of Firefox (but never the same version for Mac, Windows, or other versions of Linux), the backspace key in the WordPress admin interface (and only there) was slow and laggy. This has been fixed.
• I miss the colored “circle of friend” logo next to the Applicatiosn menu. The new gray one is a bit weird. Same thing with the lack of color in the Weather applet next to the system clock. Clearly more tinkering with the themes is needed, though I wish they made this a selectable option.
• One can now easily toggle the drumroll login sound. Excellent. I’m a fan of silent startups.
• Not supported with the scan-your-check-for-deposit service with USAA Bank. Strange, as the service uses Java, which Ubuntu has. Go figure. Emails have been sent.

All in all, it looks pretty nice. Many of the interface and usability quirks have been worked out, though I’m still not a fan of the default theme. So far, no major issues to report, but I’ve only been using it for a few days.

While it’s unlikely that Linux will displace Windows in the desktop market in the foreseeable future due to Windows’ huge network effect, Ubuntu is maturing quite quickly, and I suspect it will soon be the de facto standard for desktop Linux (something which is really important to many developers). It’s very nearly to the point where I’d have no problems recommending it to my mom.