Even though I don’t email top-secret information on a daily basis (OK, actually never), I would like the option to make my email secure. It makes me feel better to know only those whom I intend to read it can do so. Pretty Good Privacy (PGP) is an email encryption computer program that didn’t sound promising, but after some research I found that it suffers from a humility complex — PGP is actually very strong, solid encryption. PGP allows you to encrypt your email communications so you can be sure the messages are only read by the person you intended.
I have been a fan of Thunderbird (read my review) for quite some time, and recently came across an extension called Enigmail which promised to give me the PGP security capabilities I was looking for. The Enigmail extension provides the security in a simple and straightforward way and nicely integrates into Thunderbird. The encryption is handled by the GNU Privacy Guard (GnuPG), a free version of PGP.
Here is a simple example of how PGP works. Dave wants to send Jesse an email. Both Dave and Jesse have Thunderbird and Enigmail installed. Both use Enigmail to generate a key pair. Dave gets a private key and a public key, and Jesse also gets his own public and private key. The public keys are public; Dave and Jesse share those with each other. The private keys are private, they should never be shared. The two keys work together to encrypt and decrypt messages. If something was encrypted with the public key, it can only be decrypted by the corresponding private key.
OK, back to Dave and Jesse. When Dave sends Jesse an email, Dave encrypts the message using Jesse’s public key (Dave has access to Jesse’s public key because it is public). When Jesse receives the message, Enigmail will automatically decrypt the message using Jesse’s private key and Jesse will read the message. To anyone else viewing the message it would look something like this:
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.3rc2 (MingW32)
hQIOA6x3yUQjMAdqEAgAvyC+x6frLRnxE8u67BRQAFb2Jrj
NQdBoN2uFKH6x2DGJeggTSL2aGyABsFSr8eva4j4QWSnVfa
DC5P5EOwEQykSvK65TC9Mi5nX6DpEaClQAz/FDIyM+gr3r0
WYWE560YS4KSKz8CHPkIK3E3MruZVNTSn7CVQjHNbzJmgpJ
fgij2jFt59PgXpUgYxX5idkV0TitdR2O7Uv/VBSbRJCpWlK
hQDcX/k21Gcd89sqES6g6iP/pYXYghCo36pitjIhIwf7Bhk
Tv7rCDjQ8QR4+WFnYk9UVjL9KbWlqbn2awBejVQOqSH2j/f
QV4ry7qPVDODGlY0plIy28nUv7WaNt18E+9mS1e+AcGc/5V
WswmxMwM65qV7/1MiqaJ9fc8NdzUsA3peAfiv56dJuJJQRp
W/PD5WKWf9dDUmwRX6Qql36MMQCguwcBfhZZ1rVFQuZYARh
aiMjOS1+Xhrk8FQZnRYu+rmEpT6sXdkpAdvKelE1y/v5lDs
PdLACAEOW7aQoaxAm03WL4w/jGZAI5FB70VUG9kyEN+Xy2E
fUPF2LBTc/72pjvDrxb6O7lMXtpfgy49Lt+2clg2yqvefBt
jg/GmbdxGZMz1rWXDUuZsd9GdfKwxrmvQN8fSTc7FKcIC7h
1uYv7X8dpubuVdParSQKS4WX7d+7J/CNgUQkWytrMtcdWuH
pRgPtdSlxbIC1GQ7
=OCNT
-----END PGP MESSAGE-----
When Jesse wants to reply to Dave’s initial encrypted email. Jesse encrypts the entire message using Dave’s public key and sends it to Dave. When Dave gets the message, it is decrypted using Dave’s private key. Neither person ever touches the other’s private key — it remains private. Dave and Jesse have now exchanged emails securely using PGP.
PGP is strong stuff. Famous cryptographer Bruce Schneier said PGP is “the closest you’re likely to get to military-grade encryption” (Applied Cryptography, p. 587). The reason it is so strong lies deep in PGPs cryptographic and mathematical roots, which we won’t delve into here. Just know that it’s not going to be cracked. Experts doubt any groups, even large government agencies, are capable of decrypting PGP messages. It’s good encryption.
Another great tool I found for PGP encryption and message signing is WinPT (Windows Privacy Tray). It’s a free, open source program that manages your PGP keyring (your public and private keys) and the public keys of others. One of the cool things about WinPT is that it’s a standalone application that you can use to encrypt or sign messages in a regular text document. So, for example, if you’re at work and don’t have access to your Thunderbird application, but you do have webmail access, you can still send encrypted and signed messages from your webmail client. You can also decrypt messages sent to you. All you need to do is copy and paste the plain text into the WPTray clipboard and select the Encrypt, Decrypt, or Sign options. WPTray will do the dirty work, and you simply copy and paste the results into the message body and send the email.
You can check out my public key page to import my public key into your PGP key manager so you can send me an encrypted email. Please don’t send anything which may compromise national security, but if you want to keep Mom’s famous apple pie recipe safe, PGP is great encryption, and using Thunderbird and Enigmail together make it easy and available to the masses.
May 3rd, 2006
I have an older computer that is no longer my primary machine. However, my family still uses it often, mainly for the basic computing tasks: surfing the web, emailing, word processing, listening to music, and playing a few games. Because I’m not on the older computer often, I worry about it getting infected with viruses and other malware, having the kids mess up all of the settings, and having to spend the time to fix all of those issues.
I decided to install an alternative operating system. Even though I own a license for Windows XP Pro, I decided to use Ubuntu linux as the primary operating system for the machine. I used Ubuntu for several reasons:
- It has what I need
Ubuntu is a linux distribution, meaning it contains the operating system (linux) and a collection of other open-source software packages. When I install Windows XP, I don’t get a whole lot included with the operating system. I still have to purchase or download free alternative software for word processing, virus scanning, image editing, etc. With Ubuntu, most of the software I need was included on the installation disc.
- It’s free
I can’t afford to shell out big dollars for software, and I’m not a software pirate. The operating system and included software are totally free. The folks who create Ubuntu will even ship you the CDs for free.
- It’s secure
With Ubuntu, I don’t need to worry about viruses or spyware. Because Ubuntu is a *nix-based OS, the user accounts are not machine administrators and each user has individual settings and storage space. That means the kids can’t change system settings and wreak havoc on the computer. They don’t have access to other users’ files, meaning they can’t destroy Mom’s recipe cards she has been typing up for the last two weeks.
There are several other reasons why I chose Ubuntu. Installing new software and updating software is a breeze, so system maintenance is drastically decreased. I can also use the system as a file server, so it can act as a central repository for all of our mp3s, photos, other files, and backups. The data can be accessed from Windows, Mac, or other Linux computers on our home network. Ubuntu can also act as our print server, so all other computers in our home can print to the printer hooked up to the Ubuntu machine.
However, Ubuntu isn’t perfect. I didn’t like that it didn’t support mp3s and other video formats out of the box. It also didn’t have support for Flash or Java. However, I have discovered a few scripts (Automatix and EasyUbuntu) which can easily add all of the formats, codecs, and other niceties missing from the install discs. One other thing missing is power management. Since this computer can go long periods of time without being used, I would like to have it go to a standby mode to shut off the hard drives and monitors after a period of inactivity; but it would need to support wake-on-LAN. I have read power management is currently being developed for the next version of Ubuntu, so I am looking forward to easily updating my software for this feature.
Overall, Ubuntu has been great for my needs and is getting better. I have had some issues getting the file and print sharing just right (fodder for future articles), but Ubuntu has been a great alternative operating system so far because it has what I need, it’s free, and it’s secure.
March 30th, 2006
Oracle Applications version 11.5.10 introduced an new piece of the Oracle Application Object Library named Oracle User Management. User Management totally changes the user management paradigm. Although I am relatively new to Oracle Applications, I had to quickly understand how users and permissions worked to grant access in the system. With User Management all of that changes… sort of.
The old model consisted of users and responsibilities. A user would be given several different responsibilities (ie Payables User, Inventory Inquiry), and each responsibility would give access to a given application or subset of functions within an application. The user would change responsibility to access different functions of the system.
The new User Management module (short name: UMX) introduces roles. Roles and responsibilities don’t seem to be too different at the surface, but demonstrate many differences when you dive into the details.
One major update is role inheritance. This should simplify user management because of the cascading privileges. For example let’s say a company has three inventory roles: Inventory Inquiry, Inventory User and Inventory Manager. The Oracle group decides to add a new inventory report which should be accessed by all users with any of the three inventory roles. Add permissions for that report to the Inventory Inquiry role and it will be inherited automatically by the Inventory User and Inventory Manager roles. Role inheritance is quite easy to set up.
Allegedly, Oracle User Management also includes the functionality to allow for delegated administration. I haven’t been able to set this up and get it working yet, but it seems like a nice concept. Delegated administration allows a given role to manage other roles. In our example above, the Inventory Manager would be able to bump up an existing user from Inventory Inquiry to the Inventory User role. Because our Oracle group spends several hours per week on this type of issue, getting this functioning properly would free us up to improve other areas of the system.
Similarly, Oracle User Management allows for some self-service by users. They can request additional access to the system, which travels through the workflow approval. Others can request access to the system initially by completing a web form that is accessible at the initial login screen. All of these requests can be monitored and approved or denied through the workflow engine.
Personally, I don’t think User Management is quite ready for primetime. I’ve encountered several bugs and issues during setup, several of which weren’t addressed or fixed to my satisfaction. Many of those problems seem to be because Oracle User Management is new and because it is a significant change from the previous model. We will try it again in 11.5.10.2 and hope Oracle has spent significant time improving the User Management module. Please let me know if you have any more luck than I have had so far.
February 23rd, 2006
I have recently accepted a job as an Oracle Business Analyst at a small, but quickly growing company. As an Oracle Business Analyst I am heavily involved with many aspects of the company’s business software, centered on the Oracle e-Business suite. Here are a few of my lessons learned during my first three months on the job:
I still have a lot to learn. Even though I’ve been a user of large systems, and even spent a couple years as a project manager for several complicated web-based systems, I haven’t ever seen anything as vast as Oracle Applications. Oracle is a whole new world. Our installation includes modules for inventory, accounting, purchasing, distribution, and planning all together, and we’re constantly adding more modules.
I have been tasked with heading up a project configuring Oracle Product Lifecycle Management (PLM) (also known as Advanced Product Catalog). PLM ties into inventory, product setup and change management, adds features for our marketing group to move product ideas into actual products, and adds change management features to move products gracefully from womb to tomb. Sounds easy, right? Nope. I’ve been looking at this module for a couple months now, and I don’t even have a semi-working prototype up and running yet.
User interface matters. Oracle has reinforced my belief that the user interface matters in a software application. I’ve always been one of those IT guys who firmly believes the UI actually is an important piece of the puzzle. Some Oracle Applications have bad reputations strictly because of the user interface. The forms that most users see are java-based and pretty clunky looking, so therefore the perception is that Oracle is clunky as a general rule. Some of the more recent applications have been entirely web-based and feature a more familiar UI. These modules don’t get the same complaints — they are perceived differently by users.
Documentation, documentation, documentation. The Oracle supplied documentation is less than adequate for implementing most modules. Oracle does a good job of providing documentation, but it usually lacks the amount of detailed steps to follow to get the software up and running properly. The questions I have had while implementing PLM and Oracle User Management have not been answered by the supplied documentation.
Because the Oracle documentation doesn’t provide adequate instruction, it is imperative to document any changes made to the system in order to retrace those steps. Usually an implementation will be first done in a development instance, and then eventually moved into production by following those same steps. If you haven’t recorded everything you have done in development, you will spend too much time trying to recreate those same steps in production. Having properly documented those steps will save a great deal of time and trouble.
February 9th, 2006
The folks at Mozilla (the makers of the wonderful Firefox web browser) have recently released Thunderbird 1.5, an update to their solid (and free) email client. I have been using Thunderbird for about a year now and have been very impressed with the product; it looks like it has improved even more with the 1.5 version.
Overall, Thunderbird is a very viable option as an email client. While it may not shine in a corporate environment with the need for calendar sharing and other corporate features, Thunderbird is great for the home user. It handles the basics very well. Sending, receiving, writing and organizing email messages is nice and easy, with all the features the average home user needs.
The inline spell checking is a nice addition to this version. Words are spell checked as you type and underlined in red if amiss. I like the automatic spell checking feature, although I’m sure the red lines and automatic correction will eventually produce a generation of the worst spellers (sans computer) the world has ever known.
Unfortunately, having a junk-mail filter these days as part of an email client is a must-have feature. Thunderbird’s filter is very easy to use and gets better as you get more spam. I haven’t noticed too many false postitives (messages that are not spam that get directed to the junk-mail folder) in the past year I have been using Thunderbird. It seems to do a good job.
Setting up Thunderbird was a breeze. It can grab all of your addresses and email from previous desktop clients. Adding and editing email account settings was also very easy. I have several email accounts and I like how Thunderbird handles the multiple accounts. It’s a simple thing to compose an email and send it from one account and not the other.
One thing missing is an integrated auto-archiving or backup feature that would let you easily schedule and create backups of all important emails. Since another key selling point of Thunderbird is all of the extensions (or plugins), someone could write a simple extension that provides this functionality, but it would have been a nice included feature in version 1.5.
In conclusion, I like Thunderbird. It’s easy to use and extend, it has the basic features that most users need, it’s completely free, it won’t propogate viruses, and it does a good job of handling spam. What else can the average home user ask for?
January 23rd, 2006
Next Posts
Previous Posts