On Changing Mail Servers

My personal, non-blog-related domain has used Google Apps for email for years. In essence, one gets all the benefits of Google Mail (excellent spam filtering, IMAP/POP/SMTP, huge amount of storage, reliable infrastructure, etc.), but for one’s own domain. Very handy.
One of the advantages of having one’s own domain is that one is not bound to a specific email provider; one can change the back-end provider relatively easily and with essentially no disruption. Over the last 11 years, my personal domain has had probably half a dozen providers handling email, with Google Apps providing service for about the last four years.
While I’ve been quite satisfied with Google Apps (( Although there are a few quirks when using IMAP due to the fact that Gmail uses “labels” instead of “folders”, they’re minor and easily adapted to. )), I always like to check out alternatives at intervals, much like I do with car insurance.
Fortunately, Google makes moving away from their services extremely easy: it’s trivial to move mail to the new server by IMAP, and a few simple changes to my DNS records now direct mail to the new server. Everything was done with about 5 minutes of work.
There’s two quirks with moving away from Google Mail, though.
The first is that Google Mail is primarily web-based, and offers IMAP/POP service as a feature, while the new service is primarily IMAP/POP with webmail as a feature, and so their webmail is pretty basic.
The second is that Google has excellent spam filtering, mostly based on the input of its brazillions of users marking messages as spam or not spam. The filtering takes place on the server side, which keeps spam levels in one’s inbox to a minimum regardless of whether one uses webmail or IMAP/POP. Marking messages as spam or not spam is trivial and totally in-band (click a button on the webmail interface, move the message to an IMAP folder if using a client).
The new provider offers some server-side filtering, but it’s nowhere near as good as Google’s, and using the server-side filtering requires identifying spam or non-spam via out-of-bound methods (clicking a link in the email, which opens a browser window) which is a bit tedious. I can do better filtering on the client side, but that means that accessing my email with the webmail interface (which doesn’t have the filtering ability of my mail client) results in a massive amount of spam polluting the folder.
Slightly frustrating, to say the least.
I’ll give this other provider a few more days to see if their spam filtering can adapt to deal with the onslaught, but for my purposes (mostly webmail, with occasional IMAP use), Google Apps’ service appears to be better. However, in the event that Google turns to the dark side, it’s good to know there’s options.

Joe on Mobile Crypto

The Saudi and UAE governments are thinking of banning certain services on BlackBerry phones, as theyare encrypted and communicate to foreign systems.
Joe reminds us that while encrypted communications can be used for nefarious purposes, they can also be used for good. Phil Zimmermann, inventor of the common encryption software PGP feels the same way.
Indeed, they are used for good far more than for evil, and their use is almost ubiquitous: essentially any site that deals with personal or financial information is SSL-encrypted. Gmail uses SSL by default, and now even Google Search is available over SSL. Most instant-messaging clients use SSL between the client and server, and Skype uses transparent, end-to-end encryption for all voice, video, and chat messages, as well as file transfers.
In a way, crypto is not unlike firearms (( Even the government considers certain cryptosystems to be munitions, and restricts their export, although the restrictions have been considerably lessened in my lifetime.)) : it can be used by bad guys plotting dastardly deeds, but its benefits to society are considerably greater than its drawbacks.
In fact, I consider strong crypto to go hand-in-hand with free speech: being able to speak privately (and, on a related note, anonymously) is one of the strongest foundations of liberty. I hold this believe so strongly that I regularly use and encourage others to use strong crypto in their everyday lives. For those wishing to contact me securely, my PGP key is available here. One can also send me an S/MIME-signed message and I will reply with a signed+encrypted message.

On Openness

Last night I had the pleasure of having dinner with several members of the local free unix group. While the conversation was interesting, stimulating, and extraordinarily geeky, a particular exchange struck a chord with me.
We were discussing opportunistic encryption and how, despite its shortcomings, it’s still better than nothing (( For example, STARTTLS for SMTP offers no protection from a man-in-the-middle attack, as certificates are not checked against a list of trusted authorities. However, this is no different than if the message was sent over an unencrypted link, but STARTTLS offers protection against passive wiretapping. )). Several of us lamented that implementing strong security is often hard, and usually beyond the abilities of most average users. Thus, having opportunistic encryption on the server end (e.g. having webmail, IMAP, POP, SMTP, etc. connections use SSL by default) can often add security to an otherwise insecure connection without needing any action on the user’s part.
One of the other folks at the meeting mentioned that if we had a completely open, transparent society, then we wouldn’t need to worry about such security, as there’d be no secrets to protect.
An interesting concept, to be sure, but not one I can really see taking off; people have too many secrets.
Perhaps it’s not secrets on the scale of nuclear weapon schematics, orders of battle, or other secrets of that magnitude, but most people have information that they either wish to keep to themselves or share with a limited number of people without that information being known to the general public: medical records, business plans, love letters, financial information, etc. Most people have a reasonable belief and expectation that their phone calls and emails are private, even though such communications are almost always insecure. This, I think, needs to change — private citizens need more control over their personal information, particularly when their information is stored and transmitted by third parties.
Take, for example, Facebook: people post an enormous amount of personal information to Facebook on a daily basis, and feel comfortable doing this because Facebook allows various degrees of control over who can access that information (( Of course, that information can always be re-published by users who are authorized to see it, or through security breaches and other nefarious methods.)). Whether or not they should feel comfortable posting personal information online is an entirely different matter, but users do have some degree of control over their information and they can choose to not post their information in the first place.
On the other hand, look at ChoicePoint. They gather information from a huge variety of services, collect it, and sell it. The amount of data they store is staggering. There’s a lot of issues with ChoicePoint which, to me, relate to control of information: private citizens are not ChoicePoint’s customers, and have no leverage or ability to change the information collected or stored by the company. Once the company has the information, they’re unlikely to let it go.
As a personal example, I recently moved from Tucson to another city in Arizona to live with my wife. I filled out the change-of-address form with the USPS. She filled out the forms with various government agencies to change her last name after the wedding. Suddenly, we’re bombarded with mail saying, in general, “Welcome to the neighborhood, [last_name] family! Here’s [various_commercial_offers] for new residents!” She’s lived at that address for years. We don’t want this crap, nor did we sign up for it, yet our names and addresses have become public record by the simple act of changing my address and her changing her last name. At the very least, there should be a means of preemptively opting-out from the disclosure of this information to entities outside the post office and government. Same thing with voting records — evidently voter registration information is public, including one’s name, address, and telephone number (I’m not sure about political affiliation, but I wouldn’t be surprised if it were public.). Every election cycle, we get bombarded with?political?mailings and phone calls, with no means of opting-out from them.
My wife and I have no problem with certain information being used for legitimate purposes. For example, the post office needs to know my new address so they can forward mail. This is fine. The Social Security Administration and Motor Vehicles Department need to know that my wife changed her last name. That’s also fine. We even understand that credit and insurance companies need to have some means of evaluating how much of a risk a potential customer might be, and that some information must be shared (( Though it’d be nice if information-sharing was prohibited by default, and that one would need to authorize an individual company before they’d have access to the information. Of course, a creditor would rightly refuse to offer credit to someone unless the individual authorized that company, but right now that data is basically free-for-all.). But we do have major problems with a lack of control over personal information.
In short, the default state for information relating to private citizens should be “private”, and individuals should have the ability to control the distribution of their personal information. Basically, it’d be nice to have Fourth Amendment-type protections against corporations, as well as government. Cryptography only goes so far, but it can help.
Public companies and governments, on the other hand, are a completely different matter. With certain limitations (trade secrets, legitimate national security interests, etc.), I think that information should be open and transparent to the public, particularly when an organization interacts with private citizens or their personal information.

Technology Marches On

In 1993, I was but a young lad of 11. At the time, my parents purchased a PowerBook 165c, the first color Mac laptop. It had a whopping 33MHz processor, 4MB of RAM, an 80MB hard disk, and a 8.9″ 8-bit 640 x 400 color passive matrix display that could display 256 colors. It weighed about 7 pounds. According to LowEndMac, it cost about $3,400. Ouch.
Today, I was looking at a new netbook made by System76, a small, independent company that sells hardware with Ubuntu Linux pre-installed. This computer has a HyperThreaded 1.66GHz processor (50x faster than the PowerBook if you only count one thread, 100x if you count both threads), 2GB of RAM (500x as much), a 250GB hard disk (3125x as large), and a 1024 x 600 LED-backlit screen that can display millions of colors. It weighs 2 pounds, and costs $389. It’s also physically smaller, has a battery that lasts about 4x as long, and has a stupidly fast wireless card.
All that in 17 years.
Firearms, however, have been around for quite a bit longer than 17 years, yet modern firearms are essentially the same as they were fifty years ago.
Where’s my Star Wars-esque blaster gun? Get crackin’, guys…

PGP Key Signing?

If there’s anyone who reads my blog and is in the following areas over the next few weeks:

  • Boston, MA
  • Rome, Italy
  • Sicily, Italy
  • Athens, Greece
  • Kusadasi/Ephesus, Turkey

and wants to get together for lunch and PGP key signing, I’d be happy to meet up. I can also do CAcert assurance, if people are interested. Let me know by email.

3 Days

Until the latest version of Ubuntu Linux comes out.
I’m already using the release candidate on both my desktop and laptop and everything seems to be going well. The betas were, as expected, buggy, but the RC seems to do well. There’s usually a dozen or so updates released daily, but that’s hardly a problem, and normal for pre-release versions as they iron out the kinks.
First impressions:

  • New default theme sucks. It’s like they took all the good parts of Mac OS X’s interface and make them worse. Horrible black-and-purple theme. I immediately switched back to the blue-tinted Human theme that’s served me well for some time. Honestly, I don’t know why they’d do this — most of the people who’d switch to Ubuntu come from a Windows background, so having the Mac-style, top-left location for close/min/max buttons makes little sense.
  • The one major bug that’s been stopping me from using Ubuntu as my primary system for a few years has been resolved. When using the distro-supplied version of Firefox (but never the same version for Mac, Windows, or other versions of Linux), the backspace key in the WordPress admin interface (and only there) was slow and laggy. This has been fixed.
  • I miss the colored “circle of friend” logo next to the Applicatiosn menu. The new gray one is a bit weird. Same thing with the lack of color in the Weather applet next to the system clock. Clearly more tinkering with the themes is needed, though I wish they made this a selectable option.
  • One can now easily toggle the drumroll login sound. Excellent. I’m a fan of silent startups.
  • Not supported with the scan-your-check-for-deposit service with USAA Bank. Strange, as the service uses Java, which Ubuntu has. Go figure. Emails have been sent.

All in all, it looks pretty nice. Many of the interface and usability quirks have been worked out, though I’m still not a fan of the default theme. So far, no major issues to report, but I’ve only been using it for a few days.
While it’s unlikely that Linux will displace Windows in the desktop market in the foreseeable future due to Windows’ huge network effect, Ubuntu is maturing quite quickly, and I suspect it will soon be the de facto standard for desktop Linux (something which is really important to many developers). It’s very nearly to the point where I’d have no problems recommending it to my mom.

On Ads

I really, really,?really dislike online advertising.
I find the claims made by many ads (( “Obama wants you to go back to school!”, “Obama wants you to refinance your house!”, etc. )) to be offensive to my intelligence, and I am not remotely interested in teeth whitening or novelty means of losing weight (( If I was, I’d be talking to my doctor, not clicking an ad. )). Fad diets and colon cleansing are right out.
No, I don’t want to punch the monkey or, for that matter, Osama bin Laden. I don’t want poorly-made faux Windows XP ads warning me that my registry isn’t optimized. I am certainly not the 1,000,000th visitor to a particular site, and I know I have not won any sort of prize. See “Free Lunch, No Such Thing As A”. Making them blink, flash, or vibrate around in ways that induce seizures will not make me click them. Sites that host such ads will likely have me take my eyeballs elsewhere.
I understand that advertising is an important means of funding the operations of many sites, large and small. I don’t begrudge non-intrusive advertising that tries to be somewhat related to what I’m reading. If I’m reading a page that’s talking about, for example, astronomy,?advertisements?for telescopes would be on-topic and related. So long as they’re not obnoxious, don’t blink, flash, pop-up, expand, make noise, or cover/crowd out content, I’m ok with that. If ads for teeth whitening or weight loss come up, that irritates me. If I’m reading a gunblog and there’s an ad for ammo, that’s fine…indeed, I might click the ad to see if the site in question has good deals. If the ad’s for some new TV show, I could care less.
Over the last few years, I’ve routinely used Adblock Plus, an outstanding Firefox add-on that allows one to block ads on pages one views. All this time browsing the web ad-free has been fantastic, and really sped up my browsing.
However, I realize that my actions may have resulted in a financial loss to several of the sites I visit, so I’ve decided to do an experiment: I’ve turned off Adblock Plus and removed the “opt-out” cookies from various advertisers (( This add-on for Firefox makes your choices permanent, even if you clear cookies. )) so they can “target” ads toward my “interests”. Google makes it really easy to view and modify the categories and interests that Google associates with your ad-viewing habits. Cool.
First impressions:

  • Holy moly, there’s a lot of obnoxious ads out there. I really don’t care that George Clooney and Anne Hathaway are “geeks”, nor is it relevant to my interests that a site exists for “Geek 2 Geek Dating”. Such ads are not remotely related to my reading of the news. Flash ads can go die in a fire, as can ones that play sound.
  • On the other hand, there’s a lot of great, on-topic ads. Take, for example, this page. The site allows car owners to enter information about their fill-ups and does some neat stuff with it. On the left there is a color-and-style-matched Google text ad that blends in with the overall layout. At the time of my browsing, it was showing subtle ads for Honda Civics (hey, the page it’s being displayed on is about the Civic! Fancy that.),?Hyundai?Elantras (a competitor to the Civic), and a few other car-related ads. Not obnoxious at all, and relevant to the topic at hand. I approve.

I’ll continue this experiment for the next week or two, after which I’ll turn back on the various protective measures. Based on my results over the experimental period, I’ll consider allowing ads on specific sites that I frequent and that don’t have annoying ads. Those that have irritating ads will be blocked.
Additionally, I’m going to make the following statement: unless it’s absolutely necessary from a financial/operational standpoint (( Or someone is willing to give me an absolutely outrageous sum of money. )), I will not display ads on this site. In the event that I do display ads, they will be subtle and as on-topic and relevant as I can make them. Fortunately, this site requires on the order of $20/year for hosting, domain costs, and other related expenses, so such expenses are barely worth talking about.
That said, I do use services like SiteMeter, Google Analytics, and QuantCast to get some interesting information about visitors. Basically, I like to see where visitors are coming from, mostly so I can edit a post to say “Hi, visitors from [referring site]!”. That, and I like looking at shiny graphs. Having a third-party service do this is far less of a hassle than analyzing server logs, though I’m considering turning off Google Analytics, as it doesn’t do quite what I want it to. I don’t seek to gather any personal information. Hopefully this is not objectionable.

Downtime

Sorry for the recent downtime.
My host says the explanation for “Saturday morning’s downtime was caused by the hardware failure of a not-as-redundant-as-claimed power supply. Monday morning’s downtime was caused by a software error triggered by the rebuild process that occurred after the system came back online. On Saturday morning, we fixed the hardware problem, and now we are addressing the software problem.”
Things are stable now, and they’ll be moving the disk cluster from the existing hardware onto new hardware in the near future, hopefully increasing reliability.
Whee.