Secure Email?

If you want to send confidential content via email you have to think about quite a few things. It’s not enough to secure the channel; you also have to secure the content. And when I say secure the channel, you have to hope it is, because while a lot of email endpoints or MTAs are now set up with opportunistic TLS, some are not, and you won’t really know until you’ve been hacked.

And of course your metadata isn’t encrypted, and this might be as revealing as your content in some cases. DMARC, SPF, DKIM and so on will help, or you could run a scan with a tool like SSL Labs on the domain, or some of the available mail test services against a known MTA, but that might be beyond some. As for mobile, things vary from OS to OS, version to version and so on.
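One after-the-fact check on whether the channel was protected is to read the Received headers of a delivered message: MTAs that follow RFC 3848 record `ESMTPS` or `ESMTPSA` for a TLS-protected transfer. The following is an added example, not part of the original post, and the sample message is constructed. It assumes each hop records the protocol honestly; headers written before your own MTA can be forged, so a cleartext result means "not recorded as TLS".

```python
import re
from email import message_from_string

# RFC 3848 "with" keywords that mean the transfer ran over TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

# Constructed sample message (hosts and addresses are documentation values).
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.9])
    by store.recipient.example (Postfix) with LMTP id 4Abc;
    Tue, 3 Oct 2017 10:00:03 +0000
Received: from relay.isp.example (relay.isp.example [198.51.100.7])
    by mx.recipient.example (Postfix) with ESMTP id 3Abc;
    Tue, 3 Oct 2017 10:00:02 +0000
Received: from laptop.sender.example (unknown [192.0.2.44])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    by relay.isp.example (Postfix) with ESMTPSA id 2Abc;
    Tue, 3 Oct 2017 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: constructed sample

body
"""

def strip_comments(value):
    """Remove (possibly nested) parenthesised comments, innermost first."""
    count = 1
    while count:
        value, count = re.subn(r"\([^()]*\)", " ", value)
    return value

def hops(raw_message):
    """Return (from_host, by_host, protocol, used_tls) per hop, oldest first."""
    result = []
    received = message_from_string(raw_message).get_all("Received") or []
    for value in reversed(received):      # headers are prepended, newest on top
        clean = strip_comments(value).split(";")[0]   # drop comments and date
        fields = dict(re.findall(r"\b(from|by|with)\s+(\S+)", clean))
        proto = fields.get("with", "").upper()
        result.append((fields.get("from"), fields.get("by"), proto,
                       proto in TLS_PROTOCOLS))
    return result

def cleartext_hops(raw_message):
    """Hops whose receiving MTA did not record a TLS-protected transfer."""
    return [h for h in hops(raw_message) if not h[3]]
```

Comments are stripped before parsing because Postfix-style `(using TLSv1.2 with cipher ...)` annotations would otherwise be mistaken for the `with` protocol clause.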

PGP is still your friend here, but if you have your tinfoil hat on as well you might want to get away from some of the global multi-function services that have interests in aspects of your behaviour, your traffic patterns, email relationships and their attitudes to law enforcement requests. So, here is a quick, off-the-cuff comparison of a couple of services: Mailfence and ProtonMail. Tell me where I have my facts wrong if you spot something!

|  | Mailfence | Protonmail |
| --- | --- | --- |
| free version available | yes | yes |
| cost for upgrade | €2.50 – €7.50 per month | €4.00 – €24.00 per month |
| pgp | yes | yes |
| keychain | yes | no – but coming |
| secure non-user email | Yes – PGP | Yes – proprietary OTP |
| app | x | yes – Android, iOS |
| web | yes | yes |
| TLS | yes | yes |
| imaps, pops, SMTPS,… | Yes – with paid versions | No – but coming |
| mail | yes | yes |
| calendar | yes | no |
| contacts | yes | no |
| docs | yes | no |
| location | BE | CH |
| jurisdiction | EU-BE | CH |
| applicable law | GDPR, NIS, ePrivacy | CH |
| Multi Factor Authentication | Yes | Yes |
| Other integrations | POPs, IMAPs, SMTPs, iOS, Android, Exchange, LDAP | Business version |
| ssllabs test | A+ | A+ |
| custom domains | yes – paid | yes – paid |
| open source | no | yes |

ExoPlayer 2 and streamed audio

September 26, 2017

I need a good media player for on the go – in particular it needs a large buffer and robust retry. Standard Android media player library doesn’t seem to cut it. VLC on Android seems to use its own media library but it still cuts out and fails to reconnect at 70mph on the motorway. ExoPlayer might do it, but I need to test it out first. The ExoPlayer demo app is the starting point.


  1. Download the ExoPlayer v2 library and demo from GitHub. [git clone
  2. Install Android Studio v3. I have beta 6 – this is needed for ExoPlayer v2. You may also need to set the tmp location for studio if your tmp folder is a tmpfs location in fstab – studio is hungry. Set the tmp location in
  3. Set up the app in Studio by importing the ExoPlayer git directory. The demo app is referenced from the demo.iml.
  4. Have some getting to know you time with Studio, break gradle and its plugin, start again
  5. Edit the demo asset with the playlists and samples, but don’t edit it (i.e. cut it down) completely because there seem to be some code dependencies on certain parts of the structure of this file. [ExoPlayer/demo/src/main/assets/media.exolist.json]
  6. Add some streaming URLs in an array of their own [e.g. see the list at
  7. Build, run and deploy to your device.
  8. UAT Test at 70mph…..

More later….


Have literally been roadtesting, while making some code changes. ExoPlayer may or may not behave better than say VLC, but at least I have code and can try and make changes. So I have upped the number of retries and buffer settings using a LoadControl and passing this in a different constructor call for SimpleExoPlayer in the PlayerActivity. However, the 3G/HSDPA signal while on the road is still so choppy and unreliable that, according to LogCat, I am getting SocketTimeout exceptions. Buffers do not seem to be depleted, and at the current size equivalent to a 5-minute cache of the radio stream, I am wondering why I am getting cutouts so often. I don’t believe a buffer that size is being built up, or being depleted, because sometimes when starting out playback begins in under a minute and is interrupted about a minute later. Need more info!


Playing with loadControl some more isn’t really going to help here. The root cause is the buffer or its consumption rate. It doesn’t seem to me to ever get to the point where it is allocated fully (e.g. if you set a minBuffer size of 1min, playback invariably starts before 1 min). And the DefaultLoadControl only comes with one other element – the Allocator – that can be used to manipulate the internals of ExoPlayerInternalImpl where all the work is happening. Tracing back the points where the player datastats are set so that the UI displays e.g. buffering points to a method shouldContinueLoading. This compares the min and max buffer to the current internal buffer size or allocation and continues if it’s somewhere in between. But the Allocator also has a minimum size that maintains a byte array for the buffer and that can be manipulated in the Allocator constructor. Doing this, I thought I had stumbled upon the answer because I got continuous playback on one part of my drive where I couldn’t before. Unfortunately, I got a socket exception after this. So back to square one? (I have tried another player and it has the same trouble).


Categories: technology

Openmediavault (omv), squid3 and webmin

July 7, 2017

Need a proxy in addition to OpenDNS for kids to provide some additional parental control.

1) Install webmin as per latest instructions. Webmin has an “unused plugin” for squid3. Check it runs on http://localhost:10000. Edit /etc/webmin/config to allow for unknown referers if you get XSS warnings in the UI – “referers_none=0”

2) Install squid3. I had to chown proxy:proxy on the cache dir I wanted and add it to the cache config (not essential). Edit /etc/squid3/squid.conf:

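#define the ACLs first: squid needs an ACL declared before a rule can use it
#placeholder range, replace with your own LAN subnet
acl localnet src 192.168.0.0/16
#allow webmin access
acl SSL_ports port 10000
#add blacklisted URL keywords reference file (one regex per line)
#for HTTPS squid only sees the CONNECT host:port, so keywords match the hostname only
acl blockkeywords url_regex "/etc/squid3/keywords.txt"
#add MAC addresses to apply to (only works for clients on squid's own subnet)
acl sysmacs arp "/etc/squid3/mac_addrs.txt"
#combine keywords and MAC for denial; must come before the allow, first match wins
http_access deny blockkeywords sysmacs
#allow localnet access
http_access allow localnet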

Now, restart (sudo service squid3 restart) or apply the config in webmin.

3) Test – you should get a squid3 access denied page when you use your keywords on the machines with the configured MAC addresses. If you have trouble, back things out and start to test one-by-one. Don’t forget to add the proxy config to your browser, or the wifi connection in Android (long press -> modify -> manual proxy config).

Categories: technology

KDE Plasma 5 Icons

March 4, 2017

Or launchers, or applications, or shortcuts.

As a reminder to myself, to add an application shortcut to your desktop (not a folder view) you can either

  1. drag from Dolphin to the desktop
  2. Right click the application (K) launcher -> Edit Applications. Choose a category to put your shortcut in then click “New Item” from the toolbar and fill in the details. Save.
  3. Now, back in the K menu, you should see your new application menu item.
  4. Right click and choose add to Desktop

If you want to move or resize your new icon, do a long-click on it until you get the KDE icon widgets showing you on the right hand side.

Bit of a palaver….

Categories: technology

Pineapple and Sweetcorn Ketchup

February 11, 2017

Maybe not a ketchup, maybe a relish, maybe something else pasty and tasty !

(You’ll be swizzing at the end so don’t bother with the extreme chopping or fake mortaring.)

Salt, chili, garlic, pineapple, sweetcorn kernels, star anise, water, sugar.

Saute salt and garlic to taste. Add a chili – I used a red one, and should have used a half instead I think, but I like it hot – don’t you?

Add pineapple and sweetcorn – I started with equal parts but added more sweetcorn in the end. Some water, or if you are using canned pineapple like I was (that Hawaiian pizza was nice too), add some juice. If not, I suppose some sugar might be good (white not brown or you’ll be overwhelmed). Add a star anise. Simmer until soft, and then some. Swizz a lot with your handheld swizzer.



Categories: food and recipes

Don’t shallow fry Falafels

January 30, 2017

Because they crumble and die…..

Categories: food and recipes

Firefox sync limits

January 30, 2017

Firefox on mobile seems to have a hard limit on the number of URLs it will sync. So, I have to dedupe and test my thousands of bookmarks somehow. A previous Check Links plugin has stopped working, and with the move to WebExtensions probably won’t be updated again. Nothing else in the add-ons store seems to meet the bill so I am going to have to write some code. Makes a welcome change from the day job….

Sync docs seem a little behind the times too.

Thought I’d tackle it by exporting and manipulating the bookmark files as JSON and then re-importing, but the data is a bunch of nested children, immutable, and not all are bookmarks. After some coding it all starts to get a bit messy. Surely there is an easier way? Eh, probably: For a hint at accessing the Firefox SQLite database see [] and for the SQLite bookmark schema see [].

The schema keeps changing it seems, and “tags” don’t seem to be in the tables any more (even though they still exist). I seem to have lots of triplicate entries in moz_bookmarks too. And SQLite doesn’t support sensitive type or concurrent connection types, so it looks like a case of going through each entry in moz_bookmarks (17000 odd), checking/pinging each URL, recording the id of each fail and then using a preparedStatement to delete these rows. Better make a backup first!

Code on Github at Depends on another project alink-utils (with Mockito, Powermock tests). Tests for bookmark checker are a WIP for now, as is documentation.
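The clean-up pass described above, as an added example that is not the author's GitHub code. It assumes a constructed in-memory stand-in with only a few `moz_places` / `moz_bookmarks` columns, and a hypothetical `is_alive` callback in place of the real URL check so that it runs offline.

```python
import sqlite3

def build_sample_db():
    """Constructed stand-in for a backup copy of places.sqlite (column subset)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT);
        CREATE TABLE moz_bookmarks (id INTEGER PRIMARY KEY, type INTEGER,
                                    fk INTEGER, parent INTEGER, title TEXT);
    """)
    db.executemany("INSERT INTO moz_places VALUES (?, ?)", [
        (1, "https://example.org/"), (2, "https://dead.example/"),
        (3, "https://example.net/docs")])
    db.executemany("INSERT INTO moz_bookmarks VALUES (?, ?, ?, ?, ?)", [
        (10, 2, None, 1, "folder"),        # type 2 = folder, never touched
        (11, 1, 1, 10, "Example"), (12, 1, 1, 10, "Example"),
        (13, 1, 1, 10, "Example"),         # 12 and 13 are triplicates of 11
        (14, 1, 2, 10, "Dead"), (15, 1, 3, 10, "Docs")])
    return db

def prune_bookmarks(db, is_alive):
    """Delete duplicate and dead bookmark rows; return the sorted deleted ids."""
    rows = db.execute("""SELECT b.id, b.parent, p.url FROM moz_bookmarks b
                         JOIN moz_places p ON p.id = b.fk
                         WHERE b.type = 1 ORDER BY b.id""").fetchall()
    seen, verdict, doomed = set(), {}, []
    for bid, parent, url in rows:
        if (parent, url) in seen:          # same URL already kept in this folder
            doomed.append(bid)
            continue
        seen.add((parent, url))
        if url not in verdict:             # probe each distinct URL only once
            verdict[url] = is_alive(url)
        if not verdict[url]:
            doomed.append(bid)
    with db:                               # one transaction, parameterized delete
        db.executemany("DELETE FROM moz_bookmarks WHERE id = ?",
                       [(i,) for i in doomed])
    return sorted(doomed)
```

Checking each distinct URL once keeps the number of network probes well below the row count when entries are triplicated.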

Categories: technology