First build thunderbird
wget ftp://ftp.mozilla.org/pub/mozilla.org/thunderbird/releases/12.0.1/source/thunderbird-12.0.1.source.tar.bz2
Install dependencies
sudo apt-get install libdbus-glib-1-dev gir1.2-notify-0.7 libnotify-dev yasm checkinstall libzip-dev zip
Remove the previous version and make sure that there's no existing comm-release directory
rm comm-release/ -rf
tar -xvf thunderbird-12.0.1.source.tar.bz2
cd comm-release/
./configure --disable-necko-wifi
The next step will take a little while (30-60 minutes on a slow computer)
make
And then install
sudo make install
Then install add-ons:
Lightning 1.4 (Sunbird is being discontinued)
Provider for Google Calendar 0.9 (otherwise you won't be able to dismiss calendar reminders)
Engimail 1.4.1 (see http://verahill.blogspot.com.au/2012/05/encrypting-your-email-chat-and-phone-in.html)
02 May 2012
128. Encrypting your email, chat and VOIP in linux (Debian Wheezy)
I'll show how to use GnuPG with Gajim, mcabber, Evolution, Thunderbird and Mutt below
.
I'll also show SRTP/ZRTP using Twinkle with iinet for encrypted VOIP calls -- this solution should work computer-to-computer, but not from computer to phone and vice versa.
You may also want to look at truecrypt (http://verahill.blogspot.com.au/2012/04/using-truecrypt-with-dropbox.html) to secure your files and/or devices, in particular portable storage media like USB sticks. Truecrypt is a good way of backing up or managing your pgp/gpg keys.
I do recognise that there's a lot of info on this page, so don't feel shy about using 'search' to get to where you want to be.
Why?
If you have nothing to hide, why worry?
University and company email systems get hacked. What you do and say can come back to haunt you in unintended way. A lot of employers in the US are scared of submitting honest letters of recommendation because they fear getting sued if they are not favourable enough. Politicians are, often illegally, using private email for official business.
On the one hand, if something doesn't pass the 'newspaper test' (how would you feel if this was the headline on today's newspaper?) maybe you shouldn't be doing/writing/saying that.
On the other hand, in particular in academia, it is important that discourse can be direct and honest.
For these reasons I favour using PGP/GPG encryption as much as possible, since I feel that it strikes a good balance between the need for privacy and unfettered discourse, and the need for a paper trail. PGP/GPG encrypts the content of your conversation, but still leaves it open with whom you converse, thus providing a trail ensuring that you don't get involved in something which you shouldn't.
In some jurisdictions this means that you can be ordered to decrypt your conversation, while, to my understanding, in e.g. the US the content and relevance of the conversation needs to be known to some extent for this to happen. The bottom line is that you will be involved in the release of the material, and that it will take a court order for that to happen.
As with everything else, encryption is just a tool, and it can be used responsibly for good purposes, or irresponsibly with bad intent.
And if even you truly don't have anything to hide, you may support the right for each citizen to decide for themselves whether they want to use encryption or not. The view of law enforcement in many countries seems to be that only criminals have reasons to use encrypted communication, while at the same time security/intelligence agencies believe that their job becomes more difficult to do if they can't sniff all traffic (e.g. ECHELON). These are legitimate opinions, but as with everything you have to make a choice between how much liberty you are willing to sacrifice for a little bit of security. You have to decide for yourself where you draw that line.
Enough meaningless banter, time to get configured.
1. IMPORTANT
The key KEY principle is that:
1. the PUBLIC key ENCRYPTS
2. the PRIVATE key DECRYPTS.
You can encrypt with a private key (e.g. signing), but then anyone with your public key can decrypt it.
I'll write this in bold because it is central to encryption with public and private keys:
use the recipients PUBLIC key to encrypt correspondence to them, and they should use your public key to encrypt correspondence to you. If a private key is used to encrypt, everyone can read the correspondence.
IF, on receiving an encrypted email from someone else, you have to go online to download their key to decrypt, then they used their private key and not your public key to encrypt. That is wrong and INSECURE.
A side effect is that,UNLESS you cc and encrypt to yourself using your public keys when emailing, you WILL NOT BE ABLE TO READ SENT EMAILS which have been encrypted using someone else's public key.
In a more formal setting you will probably want to use expiring keys. For personal use, keys that don't expire are probably fine.
2. How?
2a. Keys and key-management
First install seahorse, gnupg, and gnupg2.
Regardless of how you create your key, it will be found in ~/.gnupg
ls ~/.gnupg/
This means that anyone with root/sudo access on that system can access your private key and decrypt all your correspondence unless you password protect it. In general, don't store your key on a shared computer.
Creating a key
gpg --gen-key
Do
>trust
to set the trust level. Ultimate for your own key, full for your pals.
Publish your PUBLIC key:
You can either do this directly using seahorse (very easy), or, if you prefer a more manual approach:
gpg --export -a
2b. Chat
Gajim
Gajim is seven kinds of awesome, but is primarily used for jabber-compatible protocols. This means gmail gmx, etc.
To set up encryption for an address, go to Edit, Accounts, select the address and go to the Personal tab.
Before you use gajim to encrypt chat you may need to rightlick on the recipient and assign the correct key:
Once all that is done, encryption is easy.
mcabber
Mcabber is a terminal chat client and that makes configuration very easy.
Edit ~/.mcabber/mcabberrc and add (or uncomment):
Anyway, start mcabber, select the contact you presumably already have a key for and type:
/info
05-02 16:02 *** jid: <xxx.xxxxx@xxxx.xxx>
05-02 16:02 *** Name: xxxxx at xxxx
05-02 16:02 *** Type: user
05-02 16:02 *** Subscription: both
05-02 16:02 *** Resource: [o] (50) Gajim76E72461
Status timestamp: 2012-05-02 16:02:09
PGP key id: 06403515C1XXXX6B
Last PGP signature: good
The contact is recognised and you have their key. So, you should be able to simply start chatting.
Switch encryption on and off using
/pgp enable
and
/pgp disable
So how can you tell whether it's encrypted or not?
05-02 16:02 -~> This is encrypted
05-02 16:09 --> This is not encrypted
Yup. A ~ makes the difference.
Received encrypted messaged look like this:
05-02 16:12 <~= encryption the other way
2c. E-mail
Evolution
Evolution supports integration with gnupg out of the box, but each email address needs to be configured separately. Start evolution, click on Edit, select Preferences, Mail Accounts, highlight the email address you want to configure, click on Edit. Select the Security tab in the Account Editor and type in the key ID.
When you're composing, this is what meets you:
You will have problems encrypting to people who's keys haven't been associated properly with the email address you're composing to.
Thunderbird
Thunderbird isn't as well-supported for PGP/GPG as evolution but there's an add-on, Enigmail 1.4.1 (you might have to download it manually from http://enigmail.mozdev.org/download/index.php.html), which is compatible with Earlybird/Thunderbird 11. The downside on using an add-on is that compatibility sometimes breaks.
Once you've installed enigmail via the add-on menu and restarted, you can set the preferences:
Go to Edit, Account Settings, and uncheck use html under Composition and Addressing for each address. Partly because signing will work better, but mainly because you have no reason to use html. Ever.
And this is how it looks when you are composing emails:
Mutt
And it now shows 'Security: Encrypt', and you can send.
Encrypted VOIP
While skype encrypts by default, skype isn't 'open', and you are not in control.
For twinkle (below), you need a sip address. You sometimes have one via your ISP, but you can also get one for free from e.g. https://www.ekiga.net/index.php?page=register
Twinkle and ccRTPp are available in the debian repos.
sudo apt-get install twinkle
pulls in everything you need
Next, start twinkle and configure it:
Next log in:
My guess is that you need to include the country code. Don't forget to drop any leading 0s off the area code (the scatter brained cause of the failed call listed in the log below)
.
I'll also show SRTP/ZRTP using Twinkle with iinet for encrypted VOIP calls -- this solution should work computer-to-computer, but not from computer to phone and vice versa.
You may also want to look at truecrypt (http://verahill.blogspot.com.au/2012/04/using-truecrypt-with-dropbox.html) to secure your files and/or devices, in particular portable storage media like USB sticks. Truecrypt is a good way of backing up or managing your pgp/gpg keys.
I do recognise that there's a lot of info on this page, so don't feel shy about using 'search' to get to where you want to be.
Why?
If you have nothing to hide, why worry?
University and company email systems get hacked. What you do and say can come back to haunt you in unintended way. A lot of employers in the US are scared of submitting honest letters of recommendation because they fear getting sued if they are not favourable enough. Politicians are, often illegally, using private email for official business.
On the one hand, if something doesn't pass the 'newspaper test' (how would you feel if this was the headline on today's newspaper?) maybe you shouldn't be doing/writing/saying that.
On the other hand, in particular in academia, it is important that discourse can be direct and honest.
For these reasons I favour using PGP/GPG encryption as much as possible, since I feel that it strikes a good balance between the need for privacy and unfettered discourse, and the need for a paper trail. PGP/GPG encrypts the content of your conversation, but still leaves it open with whom you converse, thus providing a trail ensuring that you don't get involved in something which you shouldn't.
In some jurisdictions this means that you can be ordered to decrypt your conversation, while, to my understanding, in e.g. the US the content and relevance of the conversation needs to be known to some extent for this to happen. The bottom line is that you will be involved in the release of the material, and that it will take a court order for that to happen.
As with everything else, encryption is just a tool, and it can be used responsibly for good purposes, or irresponsibly with bad intent.
And if even you truly don't have anything to hide, you may support the right for each citizen to decide for themselves whether they want to use encryption or not. The view of law enforcement in many countries seems to be that only criminals have reasons to use encrypted communication, while at the same time security/intelligence agencies believe that their job becomes more difficult to do if they can't sniff all traffic (e.g. ECHELON). These are legitimate opinions, but as with everything you have to make a choice between how much liberty you are willing to sacrifice for a little bit of security. You have to decide for yourself where you draw that line.
Enough meaningless banter, time to get configured.
1. IMPORTANT
The key KEY principle is that:
1. the PUBLIC key ENCRYPTS
2. the PRIVATE key DECRYPTS.
You can encrypt with a private key (e.g. signing), but then anyone with your public key can decrypt it.
I'll write this in bold because it is central to encryption with public and private keys:
use the recipients PUBLIC key to encrypt correspondence to them, and they should use your public key to encrypt correspondence to you. If a private key is used to encrypt, everyone can read the correspondence.
IF, on receiving an encrypted email from someone else, you have to go online to download their key to decrypt, then they used their private key and not your public key to encrypt. That is wrong and INSECURE.
A side effect is that,UNLESS you cc and encrypt to yourself using your public keys when emailing, you WILL NOT BE ABLE TO READ SENT EMAILS which have been encrypted using someone else's public key.
In a more formal setting you will probably want to use expiring keys. For personal use, keys that don't expire are probably fine.
2. How?
2a. Keys and key-management
First install seahorse, gnupg, and gnupg2.
Regardless of how you create your key, it will be found in ~/.gnupg
ls ~/.gnupg/
gpg.conf pubring.gpg pubring.gpg~ random_seed secring.gpg trustdb.gpg
This means that anyone with root/sudo access on that system can access your private key and decrypt all your correspondence unless you password protect it. In general, don't store your key on a shared computer.
Creating a key
- using gpg (terminal)
gpg --gen-key
gpg (GnuPG) 1.4.12; Copyright (C) 2012 Free Software Foundation, Inc.You'll get asked for a passphrase twice. Then:
[..]
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) Y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: I Lindqvist
Email address: i.lindqvist@email.net
Comment: fake address
You selected this USER-ID:
"I Lindqvist (fake address) <i.lindqvist@email.net>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 283 more bytes)
..+++++
...+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++
Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 109 more bytes)
.....................+++++
gpg: key 2B4C5636 marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 2048R/2B4C5636 2012-05-02
Key fingerprint = 5B71 C3F1 0C2D E008 B299 21A8 019F 907E 2B4C 5636
uid I Lindqvist (fake address) <i.lindqvist@email.net>
sub 2048R/78F9B6C1 2012-05-02
gpg --list-key
/home/me/.gnupg/pubring.gpg
-----------------------------
pub 2048R/2B4C5636 2012-05-02
uid I Lindqvist (fake address) <i.lindqvist@email.net>
sub 2048R/78F9B6C1 2012-05-02
To add more email address, do
gpg --edit-key 2B4C5636
>adduid
and follow the prompts. You do not want to add subkeys.
gpg --edit-key 2B4C5636
>adduid
and follow the prompts. You do not want to add subkeys.
Do
>trust
to set the trust level. Ultimate for your own key, full for your pals.
- using seahorse:
if it isn't already installed, then
sudo apt-get install seahorse
and start it by typing seahorse in the terminal, or selecting Passwords and Keys in gnome. Select New
PGP key |
Add details |
You can add additional addresses later by selecting your key and right-click, then select Properties |
Publish your PUBLIC key:
You can either do this directly using seahorse (very easy), or, if you prefer a more manual approach:
gpg --export -a
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.12 (GNU/Linux)
mQENBE+gt4IBCADPY9CyEr1aqU1uqOKquwFOUgsiLNV7pYRLKkTa3hki/8Zz0Ssr
16DIvuO5dGQVsDu712E2FaW3FSzThzPBW9R9z1WNHjZUWtRu78WVNyJJ3WwjJFWV
hmA9kmWzFn14pcqzeD6RAkpK7YrKENu05A2vWB47mWFxlysCxo8VdPoj/uEG0Cvw
BHNrI8raVarwWOPPZiVTp7nbbHySQxZjJTpdR5bEFH+L1AqA3T0YG5FdXryGFXG0
DMLPD3mCSZHoT27WRH4l8mH7K25m6ONUV8u6JDLtSy/WAi9J2nGo5K5r/OetDqe7
zTOaQk7u+WyTxK41nzNk/NRVAUlcc7aM7WXFABEBAAG0MkkgTGluZHF2aXN0IChm
YWtlIGFkZHJlc3MpIDxpLmxpbmRxdmlzdEBlbWFpbC5uZXQ+iQE4BBMBAgAiBQJP
oLeCAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRABn5B+K0xWNtxlB/9K
GAq9Q8YlZjKOnOx2jZWRqE6dHZ5BjNX24SmsVWf0jpEIP1Bj699QiWxxEYeIc2S7
E0vm3G323oEHfiGUlTpqi4piCnrEgm63JKNGWKamKBkYBTvygRFRC7DUWhB6kwP3
FmOU8SMR9+8lSei6IJoRlJUThdF3gWLiNnQtDDowjQL2gIHvh+Ht/geC+fDtN0i5
R7yGUOyIicYDa04dSsX5LZJneouIavNYulTpJc0wth6GOrzAbitVsfdQ84O/Q/Ld
lyI6HSzz/QNDuY2YkAPiejapHBtBP9LukBvFChfkiwNv+RPG9VE8zm0vIg9ylmaf
Fbe1CrawAsjQDM8f1KEtuQENBE+gt4IBCADK5PJMH0I8CB1RoMLo13Ewd8tFoIYu
bXIuV2RpUCTwxOA1nbKiJUrZP0Dxe0aK6GXspEzRtYjpT2QdIvdYsHrr85V4+AsJ
BFQ3ehp6XW2NtyECQyzYlUm4Yo06EU128E0whfeK42b+egWazOrdnt9QKlZCP5lz
UU8L9zJiDI64old79AkbRm7mKdH6uIAwkPG3Eft+2H312MkRGfmiJ/Eq/HQO8ygo
pcg93kqU9RrI8xwfO5plqF9yc9iNzrgDu8iuOPSxYuJtG3cj0W4CzuwLRzMnWFXO
CQpcCWF38/a2HTrXCxA5QAf0Td3P7zc7eZd6JhpzNTTJ7zQeeQreKjhfABEBAAGJ
AR8EGAECAAkFAk+gt4ICGwwACgkQAZ+QfitMVjbn2Af/SURRS72DJ66F0Gpt9bIe
p2zr98c+W4bPru7fVg4uOAxz95H1vK65kX7jZ+9M5yqHGqLNxmVcUcVhbXS+Fkik
LoBxLezU7s1bC40HSFPu00IQQxiH5jv9Dd/kqP16oel+JVGDwmRXFWXqByaWaaNm
6JYHYcCH6B4UwSpSRiwJScbTWsvxq9+WVAUO730FwGy3BYnZAXNeibV2/bbtZbz6
P23zyitFqOizuafvwFIS9pGvbL3pmUkQne0dF1OGhfhsdczZi+LVhnKy6iOy7lTx
6saK149HMndyLNOlS8pmJez2ULXF/fijLlrXAi3zr8a2UFkpYPEIj+emkeFpAGiE
mQ==
=VnnT
-----END PGP PUBLIC KEY BLOCK-----
Then copy/paste it into the front page at pgp.mit.edu
2b. Chat
Gajim
Gajim is seven kinds of awesome, but is primarily used for jabber-compatible protocols. This means gmail gmx, etc.
To set up encryption for an address, go to Edit, Accounts, select the address and go to the Personal tab.
GPG Agent is broken on Debian, so don't use that. |
Once all that is done, encryption is easy.
mcabber
Mcabber is a terminal chat client and that makes configuration very easy.
Edit ~/.mcabber/mcabberrc and add (or uncomment):
set pgp = 1The private key ID is much longer than what you may be used to -- you can look it up using seahorse. pgp.mit.edu will also report it if you've uploaded your public key:
set pgp_private_key = "06403515C1XXXX6B"
set pgp_passphrase_retries = 3
Anyway, start mcabber, select the contact you presumably already have a key for and type:
/info
05-02 16:02 *** jid: <xxx.xxxxx@xxxx.xxx>
05-02 16:02 *** Name: xxxxx at xxxx
05-02 16:02 *** Type: user
05-02 16:02 *** Subscription: both
05-02 16:02 *** Resource: [o] (50) Gajim76E72461
Status timestamp: 2012-05-02 16:02:09
PGP key id: 06403515C1XXXX6B
Last PGP signature: good
The contact is recognised and you have their key. So, you should be able to simply start chatting.
Switch encryption on and off using
/pgp enable
and
/pgp disable
So how can you tell whether it's encrypted or not?
05-02 16:02 -~> This is encrypted
05-02 16:09 --> This is not encrypted
Yup. A ~ makes the difference.
Received encrypted messaged look like this:
05-02 16:12 <~= encryption the other way
2c. E-mail
Evolution
Evolution supports integration with gnupg out of the box, but each email address needs to be configured separately. Start evolution, click on Edit, select Preferences, Mail Accounts, highlight the email address you want to configure, click on Edit. Select the Security tab in the Account Editor and type in the key ID.
When you're composing, this is what meets you:
You will have problems encrypting to people who's keys haven't been associated properly with the email address you're composing to.
Thunderbird
Thunderbird isn't as well-supported for PGP/GPG as evolution but there's an add-on, Enigmail 1.4.1 (you might have to download it manually from http://enigmail.mozdev.org/download/index.php.html), which is compatible with Earlybird/Thunderbird 11. The downside on using an add-on is that compatibility sometimes breaks.
The key here is the 'GnuPG was found...' bit. To gain access the tabs below you can click on Display Expert Settings. |
Once you've installed enigmail via the add-on menu and restarted, you can set the preferences:
Most options are straight-forward |
You may need to set the key manually if the email address isn't explicitly associated with an address. |
Go to Edit, Account Settings, and uncheck use html under Composition and Addressing for each address. Partly because signing will work better, but mainly because you have no reason to use html. Ever.
And this is how it looks when you are composing emails:
You can choose to sign and/or encrypt emails from simple menu. |
Mutt
The key ID is C1XXXX6B. Edit your .mutt/muttrc file and add (the field which need to be edited are given in red below):
# GPG stuff - autosign
set pgp_decode_command="gpg %?p?--passphrase-fd 0? --no-verbose --batch --output - %f"
set pgp_verify_command="gpg --no-verbose --batch --output - --verify %s %f"
set pgp_decrypt_command="gpg --passphrase-fd 0 --no-verbose --batch --output - %f"
set pgp_sign_command="gpg --no-verbose --batch --output - --passphrase-fd 0 --armor --detach-sign --textmode %?a?-u %a? %f"
set pgp_clearsign_command="gpg --no-verbose --batch --output - --passphrase-fd 0 --armor --textmode --clearsign %?a?-u %a? %f"
set pgp_encrypt_only_command="pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0xC1XXXX6B -- -r %r -- %f"
set pgp_encrypt_sign_command="pgpewrap gpg --passphrase-fd 0 --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0xC1XXXX6B -- -r %r -- %f"
set pgp_import_command="gpg --no-verbose --import -v %f"
set pgp_export_command="gpg --no-verbose --export --armor %r"
set pgp_verify_key_command="gpg --no-verbose --batch --fingerprint --check-sigs %r"
set pgp_list_pubring_command="gpg --no-verbose --batch --with-colons --list-keys %r"
set pgp_list_secring_command="gpg --no-verbose --batch --with-colons --list-secret-keys %r"
set pgp_autosign=yes
set pgp_sign_as=0xC1XXXX6Bset pgp_replyencrypt=yes
set pgp_timeout=1800
set pgp_good_sign="^gpg: Good signature from"
In mutt, p is associated with gpg/pgp:
In mutt, write your email in vim or nano, then exit the editor and hit p. Select e to encrypt:And it now shows 'Security: Encrypt', and you can send.
Encrypted VOIP
While skype encrypts by default, skype isn't 'open', and you are not in control.
For twinkle (below), you need a sip address. You sometimes have one via your ISP, but you can also get one for free from e.g. https://www.ekiga.net/index.php?page=register
Twinkle and ccRTPp are available in the debian repos.
sudo apt-get install twinkle
pulls in everything you need
Next, start twinkle and configure it:
The only interesting step is this one:
Select ZRTP/SRTP |
My guess is that you need to include the country code. Don't forget to drop any leading 0s off the area code (the scatter brained cause of the failed call listed in the log below)
Labels:
debian wheezy,
encryption,
evolution,
gajim,
GnuPG,
iinet,
linux,
mcabber,
mutt,
sip,
srtp,
thunderbird,
twinkle
127. It's that time again...
Linux is dead on the desktop, only 1%, barely a blip etc. etc.
Well, 1% is still a truck-load of people. In fact, it's quite a number of truck-loads, with it being in the 10s of millions of people.
Anyway, every time a website needs to boost their visitor numbers (Why? If no-one cared and there were no linux users, how could this possibly boost the number of visitors? Shouldn't it go the other way) you get one of those Linux + Desktop = dead/lost/flop stories.
I don't want to include links more than absolutely necessary.
Most of those types of stories are ill-informed -- someone discovers that Linux != Windows. Usually they include something along the lines of you needing to be a programmer to use linux (Why programmer? SysAdmin would make a lot more sense. I don't think linux is the preferred dev env for e.g. C# or cocoa). But once in a while you come across something that is not just ill-informed, but ill-willed.
Like this:
https://www.networkworld.com/news/2012/043012-linux-desktop-258724.html?page=1
Yes, I really shouldn't link to it.
In this article which reminds me more of a thinly veiled press release, someone from this company is given the opportunity to belt out some remarkable statements. That company has a long history of doing lobbying on behalf of Microsoft. Why the 'journalist' at networkworld.com played along puzzles me though. Other people are interview too however, and it's not particularly impressive.
Some snippets:
A very minor one is
A very major one:
This one gives a good idea of the purpose of the article
... is a myth, he adds, one of many myths surrounding Linux deployment.
Approaching a tautology:
Plus, most professionals tend to be familiar with the leading commercial software products for the work that they do
1. That something is 'leading' doesn't mean anything in terms of quality or it being the best tool for the job.
2. The main drawback of e.g. Libreoffice vs Microsoft Office is the moving goal-post of file compatibility, and that is entirely artificial. The products are, as far as I can tell (I use latex), identical. But since more people use office (see the introduction of .docx as an example of microsoft breaking backward compatibility on purpose to get the upgrades going) it forces everyone else to use the same exact tool. Document standards and adherence to them (MS has a way of ignoring their own standards to prevent full compatibility) would erase this hurdle.
3. What's the real cost of training? It's always presumed to be high, but is it? This is of course something that will depend on a lot of factors, and I do not have an answer. But I suspect that in the case of Libreoffice vs MS Office it is negligible.
And more:
This is true. And it is why companies are waking up to find themselves locked in -- it's a great argument in favour of not repeating the same mistake, but to use open source tools instead.
This extrapolation I find very difficult to believe:
Also, what about equivalent, rather than identical, pieces of software?
And then another stinker:
Well, at least they didn't use the word 'hobbyist' even once in the piece...
Well, 1% is still a truck-load of people. In fact, it's quite a number of truck-loads, with it being in the 10s of millions of people.
Anyway, every time a website needs to boost their visitor numbers (Why? If no-one cared and there were no linux users, how could this possibly boost the number of visitors? Shouldn't it go the other way) you get one of those Linux + Desktop = dead/lost/flop stories.
I don't want to include links more than absolutely necessary.
Most of those types of stories are ill-informed -- someone discovers that Linux != Windows. Usually they include something along the lines of you needing to be a programmer to use linux (Why programmer? SysAdmin would make a lot more sense. I don't think linux is the preferred dev env for e.g. C# or cocoa). But once in a while you come across something that is not just ill-informed, but ill-willed.
Like this:
https://www.networkworld.com/news/2012/043012-linux-desktop-258724.html?page=1
Yes, I really shouldn't link to it.
In this article which reminds me more of a thinly veiled press release, someone from this company is given the opportunity to belt out some remarkable statements. That company has a long history of doing lobbying on behalf of Microsoft. Why the 'journalist' at networkworld.com played along puzzles me though. Other people are interview too however, and it's not particularly impressive.
Some snippets:
A very minor one is
But, as the old saying goes, it's "free as in puppy, not free as in beer.What about free as in speech?
A very major one:
You have to switch to the new version of Linux every year," he says. "Microsoft supports each version of Windows for ten years."Really? REALLY? And he then goes on to say that at least Microsoft supports free security fixes without you having to pay for support.
This one gives a good idea of the purpose of the article
... is a myth, he adds, one of many myths surrounding Linux deployment.
Approaching a tautology:
Plus, most professionals tend to be familiar with the leading commercial software products for the work that they do
1. That something is 'leading' doesn't mean anything in terms of quality or it being the best tool for the job.
2. The main drawback of e.g. Libreoffice vs Microsoft Office is the moving goal-post of file compatibility, and that is entirely artificial. The products are, as far as I can tell (I use latex), identical. But since more people use office (see the introduction of .docx as an example of microsoft breaking backward compatibility on purpose to get the upgrades going) it forces everyone else to use the same exact tool. Document standards and adherence to them (MS has a way of ignoring their own standards to prevent full compatibility) would erase this hurdle.
3. What's the real cost of training? It's always presumed to be high, but is it? This is of course something that will depend on a lot of factors, and I do not have an answer. But I suspect that in the case of Libreoffice vs MS Office it is negligible.
And more:
"The problem is that things like custom billing apps, SAP, desktop productivity apps from Adobe and industry-specific apps are developed solely for the Windows desktop,"
This is true. And it is why companies are waking up to find themselves locked in -- it's a great argument in favour of not repeating the same mistake, but to use open source tools instead.
This extrapolation I find very difficult to believe:
According to Gartner's Silver, a typical organization will have one application for every 10 users, and, today, about half of those applications require the Windows operating system.
"That percentage has been declining, but still, it's pretty high," Silver says. "So if I have 10,000 users, and 1,000 applications, 500 of those applications will need Windows to run."
Also, what about equivalent, rather than identical, pieces of software?
And then another stinker:
"A typical thing in a Windows setting is to establish some usage policies, and set up some limitations on the systems to keep them stable. Linux doesn't have those types of standards out of the box."Really? Even the default file systems in linux have user management built in -- and on top of that you have group, group membership and incredibly fine-grained control over rights and device access. Windows is a PITA for this.
Well, at least they didn't use the word 'hobbyist' even once in the piece...
Subscribe to:
Posts (Atom)