C O N T E N T S
|
|
January 2007 Choosing Windows Vista, Phone-to-Calendar synchronisation, Blu-ray v. HD DVD, How full is your inbox?, How safe is that web site?
December 2005 Fly away on my cell phone, $100 laptop, Email etiquette: subject for discussion, lastminute IT strategy
April 2006 Faster broadband, memory upgrades, What does your PC say about you?, Player security updates, Clock screensaver
| **** NewsBytes **** | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
| ||||||||||||||||||
| **** end of NewsBytes **** | |||||||||||||||||||
Apple's buttonless iPhone finally touches the UK in stores from 9th November at around at £270, though pundits have already given the smart device a thumbs down since competitor 'iPhone-killers' such as 
In case you missed it, a fascinating and timely report by nfpSynergy revealed findings - some surprising, others less so - about exactly what sort of people give to charities. With data taken from the Family Expenditure Survey, the report shows that Southerners and the well-off are the biggest givers, but only by on donation size. As a proportion of their wealth, it is single women and child-free households who are the most generous, and also the poorest in society. Since single men are the most miserly, (accentuated the richer they become), fundraisers are encouraged to target the rich and middle income households. Full nfpSynergy report | ^ Back to contents ^ | ||
|
1. TrueCrypt and the case of plausible deniability
How securely can you encrypt a file? Answer: so tightly that nobody else will know it's even there! | ||
| More help at hand. All the back issues just a click away |
In our recent series focussing on password security, we introduced some online password generators in July, and in September we tested three password storage managers, all freeware. This month we look at a storage system that allows us to encrypt whole chunks of any type of data - applications, emails, documents, even previously encrypted data - and put them into a locked volume. What if losing sensitive information could spell the end of your job, or even your life? The intriguing part is that, if necessary, you can even deny the locked volume exists, though the portentous circumstances that might require one to go to such lengths are somewhat chilling. 
For everyday ordinary mortals, TrueCrypt provides a storage system that encrypts just about any digital data you possess: not just plain text files containing usernames or passwords, but documents and spreadsheets containing similar confidential info if you wish. Or email folders, pictures, MP3s and other audio, videos, even zipped up files or any other file that is itself already encrypted. TrueCrypt does this with a choice of modern encryption methods, all strong and virtually impossible to crack. This means that if you leave a USB stick or laptop lying around or lose them, thieves won't be able to get into any of the data locked behind TrueCrypt's algorithms. Volumes of spaceThe basic technique works by effectively creating a volume on a drive so that a computer can access via a new drive letter, say H: for hidden. 
Volumes are just a way of dividing up a hard drive into manageable bits. These volumes can be mounted, in the sense of hanging a picture on a wall, and dismounted at will. Strange terminology perhaps, and terms familiar to users of Unix from over a quarter of century ago, but the result is a handy way of bringing parts server drives on- and off-line The concept is similar for TrueCrypt's application of the idea. You enter a password and a new hidden disc drive reveals itself. 
TrueCrypt actually constructs a virtual encrypted disc inside a file and mounts it as a real disc. So you start by defining a file with a fixed size, say 256MB, and giving it a name, say volume.raw. This filename could be anything you wish; indeed it is useful to choose something with an unconventional extension, like .001, so that it won't pick up Windows associations and launch a specific application (eg .doc starts Word). Next, you choose an encryption algorithm, like 256-bit AES and away you go. The file size of this volume will now stay fixed however much data you put inside, up to the limit of the fixed file size you chose. An analogy for this security is a door inside a room with a lock on it. The room behind the locked door has a fixed volume and you can put as much stuff in there as you like - until it fills up. 
Take it with youOne of the neat things about TrueCrypt is its 'travel mode', a setup specifically geared around mobile workers with portable storage. However, that doesn't just apply to road warriors, it could mean anyone with a role that involves looking after password files and confidential data. Clearly IT managers and finance staff would benefit from carrying sensitive data on a USB device. Although administrator-level access is required to install TrueCrypt, whether on a desktop drive or a portable USB stick, thereafter the travel mode version can be plugged into any machine without full admin rights being required. Hidden volumes for closet encryptors"Three may keep a secret if two of them are dead" Benjamin Franklin (1706-1790) Now we get to the scary part. 
What if you want to store sensitive information that is more than just confidential? Losing it could spell the end of your job, or even your life. Such a person might be a whistleblower or someone living under an oppressive government, or a worker whose boss threatens physical violence. Let's go back to our analogy: it's still a locked door inside a room, except that you can't see the door. Imagine one of those features that architects of yore would tuck into a house for their own sense of achievement and their patron's amusement. Here however the motive is deadly serious. A hidden volume works by creating a second encrypted volume (eg vol_B) inside the original encrypted volume (eg vol_A). The second part of the deception is to embed other, apparently sensitive files within the first volume as a decoy, helping to mask the presence of the second hidden one, since all the encrypted data (vol_B) inside vol_A will appear random when analysed, and thus indistinguishable from the free space left on vol_A. 
When forced to hand over the password of the first volume (vol_A) to his/her taskmaster / tormentor / tyrant, the owner can declare that all the data is now visible, in other words the decoy files. Thus the owner's case for deniability is plausible and may just get them off the hook. Even when extracted for analysis, the random bits of hidden vol_B will not be uncovered. Returning to our by-now-weary locked door analogy, the unsuspecting investigator forces the suspect to unlock the door, casts his eyes over the few items of drab furniture in the room, fails to spot the hidden door embedded in the library bookshelf and moves on. "Nothing to see here then". Contacts
-IB-
|
Good read? |
| I | B | |
| ^ Back to contents ^ | ||
|
2. Shares fair: Who pays for the Internet?
The short answer is that we all do, in subtle ways. A recent invention called Tribler might just help split the burden fairly. | ||
| More help at hand. All the back issues just a click away |
For Internet Service Providers (ISPs), making customers pay for their Internet services must feel like squeezing blood out of a stone. No sooner have you got a moderate income going than some competitor invests in a whole bunch of faster gear, drops their prices and snitches your customers. For us Internet mortals do the actual paying though, this state of affairs appears to be the epitome of eating your cake and yet still having it, as the result is always the lowest possible tariffs and increasingly varied and better Internet services. Or is it? It's not as if Internet life is perfect.
Peer-based applications have to be expert at musical chairs
Now if ISPs had more spare cash they could perhaps develop stable, high speed connections more quickly and filter all that spam accurately for us without extra costs. Dream on. The market place for Internet services is largely driven by consumer and business demand which means prices continually spiralling downwards. And there are dark bandwidth spectres on the horizon threatening to mire what speed we have completely - namely the appearance of Internet TV and large web applications. But if we can't tackle the market head on, perhaps we can change the way consumers consume bandwidth, at least in less crude a fashion than the current vogue of of outright bans and capping applied by ISPs. This behavioural change is what a new peer-to-peer technology called Tribler could aim to achieve. One of the major sinks of Internet bandwidth is in file-sharing, because the files can be huge. If you thought that Adobe PDF attachment was large (say 1MB), or your video exhibition promo (say 10MB) was beginning to make your Internet connection creak a little, spare a thought for the folk who fetch games from the Internet to have fun with their friends (say, Second Life client 30MB+, Harry Potter demo 400MB+), or download some application software (say Lotus Notes 650MB+). The CDs of yesteryear and the DVDs of today are already being usurped by media-less downloads. 
p2p - Musical chairs networkingFor quite some time many of the 'off-piste' Internet community have turned to peer-to-peer (p2p) sharing technology to alleviate the log jam of single servers providing all the file-serving bandwidth. P2P is a technique that makes direct ad-hoc connections between users' machines, rather than the client-server model where the server is on all the time. Instead, applications that make use of peer-to-peer, like Skype and the popular BitTorrent downloader Azureus, have to allow for the fact that, at any given moment, a PC serving up connections may suddenly be switched off when its owner suddenly fancies popping down to the pub to catch a new band or catch up with some mates. Thus peer-based applications have to be expert at musical chairs. Peer-to-peer is a well-established technology, though its chequered past of hit early headlines with instances of illegal sharing of music files from the likes of Napster, KaZaA and Gnutella as well as other popular commercial application files. However, 'killer applications' like Internet telephony as espoused by Skype have furthered peer-to-peer popularity. Skype falls to Earth For a few days in August, Skype's per Voice over IP service suffered a cascading failure, resulting in only a less than 0.1% of its usual 6-8 million users reported getting on line. Originally thought to be the result of a Microsoft patch that caused millions of computers to reboot at the same time, the reasons remain unclear, though the possibility is that enough people were logging in to Skype at a time when P2P resources to support them were below a critical level. To put this in perspective, it was the first major outage in 4 years. If a peer computer wants to find a desired piece of data in the network (such as searching a Skype name or looking for a game that is downloadable via Azureus), the query has to be flooded through the peer network to find as many participating active computers as possible that share the data. With content not stored on a central server and because of its dynamic nature, a P2P network is harder for malicious users to attack and the potential for total network collapse is less likely. However such robustness was called into question recently .... Applying market values to bandwidthThe downside of all these computers acting as network nodes is that bandwidth can be highly erratic and even becomes overloaded at times. Worse, the situation deteriorates the more users switch off their computers as this reduces the distribution capacity and places increased load on fewer peers. This is an inherent problem because in any given peer network, there tends to be far more people taking (downloading) than giving (making downloads available for others; for many it's case of download and switch off – the Internet equivalent of a snatch-and-grab. What is needed is a kind of bandwidth currency to persuade users to behave in a more responsible manner when it comes to maintaining a balance between downloading and sharing and this is what Tribler hopes to achieve. European broadcasters are already making so-called torrents available via p2p and also looking at the possibility of piping Internet TV. Hence the keen interest in a kind of bandwidth currency that could engender fairer behaviour among the download community. How Tribler works On first startup, Tribler automatically begins searching other Tribler user computers to find out what files are available and reporting additional information, even such things as the sharer's preferences and recommendations about certain files (like a cross between star ratings and PVR profiling systems), akin to many social bookmarking sites. The ratings and recommendations are made using a collaborative filtering algorithm which compares your download history to that of the peers you 'meet', ie Tribler computers you come into contact with. When you find an interesting show/track/file available on other peers, it will be available in your library. Pressing the Download button makes your computer inventory the peers actually containing that file (or just a part of it) and then downloads those parts from the various computers that are online. 'Going Dutch'According to Dr Johan Pouwelse, an assistant professor at Delft University of Technology Amsterdam and co-creator of Tribler, the idea would be to encourage users to upload (and thus create more sharing capacity) as often as they download. Dr Pouwelse and associate professor David Parkes from Harvard University have been working to add an accounting system to Tribler to achieve a form of P2P currency that they label "TV watching minutes" – a kind of time-based TV bank balance. Such technology could pave the way for HDTV quality video-on-demand from the Internet direct to TV sets, with the European Broadcasting Union (EBU) hopefully laying down a standard for an Internet broadcasting system. Tribler has already been used to turn Sony's PlayStation 3 into a video-sharing device. In future, Tribler will be co-operating with the Dutch public broadcasters to make content available via peer-to-peer. Other existing sites worth checking out are www.vuze.com and www.publicdomaintorrents.com. However Tribler's creators will be happy to see bandwidth being used as a kind of currency to encourage better Internet habits. After all if more high bandwidth users are persuaded to leave their machines on longer serving up files, they will pay higher fees to ISPs who will reap more investment, and that could benefit everyone. Contacts-IB-
|
Good read? |
| I | B | |
| ^ Back to contents ^ | ||
|
3. Saving electricity intelligently
When it comes to switching off printers and access points to save energy, humans are hopeless. And why bother, when the Intelli series of adapters does it all painlessly for you. | ||
| More help at hand. All the back issues just a click away |
Let's buy another all-in-one printer, smartphone, camera, GPS, MP3, wi-fi access point. The list of today's gadgets that require another mains adapter and/or charger grows like topsy and the fact that they can all hook up to a PC is yet another reason they get left plugged permanently into the wall. More items on standby means more electricity pointlessly consumed and the planet needs that like a hedgehog needs skiis. Coming to our eco-rescue is a series of Intelli-branded products by OneClick that cut off power to computer peripherals in parallel with the computer.  
Desktop energy saversIntelliplug is a 3-way socket that accepts the power plug of a computer and two other peripherals like a printer/scanner and a network switch. On computer power up, the device also switches on the peripheral equipment, and vice-versa on power down, adding a 5-second delay to allow for things like all-in-one scanner and printer heads to park before finally cutting the power. The unit employs automatic calibration to determine the on/off power level of its host desktop computer and thus triggering power switching of peripheral equipment plugged into the same unit. With a low standby power of 0.4 Watts, the result is an average saving of 35 Watts per hour (depending on the number of connected peripherals) which means an Intelliplug can pay for itself in less than a year of use. Retailing at £16.99, the Intelliplug can usually be found online for less.  
When 2 sockets are not enough, the similar but larger 8-socket Intellipanel on a 2-metre cable extension controls even more peripherals on the same power socket. This unit also incorporates components that optimise switching and therefore minimise stress to peripherals as well as reducing electrical interference, while surge protectors (indicated active by a green neon) safeguard telephone, modem and broadband devices. Finally, a thermal fuse looks after catastrophic voltage spikes. Again the Intellipanel's retail of £29.95 can normally be bettered by around £5. Laptop energy saversAlthough neither of the above work with battery-powered computers, USB Intelliplug and USB Intellipanel versions of the above were recently developed to work with laptops, having the same features as their desktop counterparts and needing only the insertion of the RJ12 USB cable into the laptop's USB port. 
These plug-n-play devices require no software and are recommended by the Energy Saving Trust. Where to save energyObviously this energy-saving idea can be extended to TVs switching off Freeview set-top boxes and hi-fi amplifiers disconnecting separate CD and DVD players to cut similar drains of standby power. Although one would want to be careful about powering down the organisation's only Internet router or firewall (especially if allowing access across multiple time zones), these energy savers are particularly appropriate for remote workers with their own routers and printer peripherals where use is dedicated and limited to office hours. Other typical applications would be a Finance Director's personal printer or shredder, a wi-fi access point that only has limited usage hours, a scanner dedicated to one PC and so on. Intelliplug is one of those inventions that's always going to be better at remembering than humans are and with such a short payback time, it's a common sense buy. Contacts-IB-
|
Good read? |
| I | B | |
| ^ Back to contents ^ | ||
|
4. That email cut-off point
The life blood of organisational communications are often let down by non-technical hitches - like paying the bill! | ||
| More help at hand. All the back issues just a click away |
Have you set up an ADSL account or BT line recently? And what's the betting the payments still rely on someone popping a cheque in the post? Comes the day that the someone forgets to pay the bill for either or both of these essential services, or goes away at the crucial time, then everything comes grinding to a halt. No email, no broadband, perhaps even no phone – and you need that to run the first two! The simple stress reliever is to pay by Direct Debit. Every month organisations get their life blood email or Internet access chopped for forgetting to pay or even simple postal delays. We recommend it's not worth taking the chance. Then next time the someone goes away, they can really enjoy their holiday! Contacts-IB-
|
Good read? |
| I | B | |
| ^ Back to contents ^ | ||
|
5. No Cheques Please ... we're Bacs!
Electronic payment systems save time, money and the planet | ||
| More help at hand. All the back issues just a click away |
For quite a few years, we have refined our electronic system of payment processing and are reaping the benefits of the savings. The move has been gradual and essentially involves emailing quotes and invoices direct from our system in a standard format. For the final link in the chain, actual payment, many people still assume that payment by cheque is the most accepted method, but more are increasingly turning to direct transfer through the UK's Banks automated clearing system (Bacs). In fact, June 2007 saw an all time high in the number of transactions processed in one day, topping more than 83 million. Now, with the help of our clients, Co-Operative Systems is aiming to become a cheque-free zone by 1st November 2008. Processing payments online is ideally suited to so-called business-to-business (b2b) transactions with regular or repeat customers and takes much less time than paper-based systems at both ends. there are other benefits too, such as:
We'll let IB readers know how we get on. Contact us if you want advice about implementing an electronic payment system for your organisation. Contacts
-IB-
|
Good read? |
| I | B | |
| ^ Back to contents ^ | ||
|
6. Q&A: How to run as Administrator without logging out?
Question 
Hi Mark, Having been a good boy and set up all our office PCs by the book to run Windows accounts only as restricted users, I find increasingly that 'odd' programs require Administrator access, even if it' only for installation. It's fairly tedious having to log a user out each time this needs doing, so is there a way round it or do I have to break all my security house rules and set up all users as Administrators of their PCs? Please tell me I won't have to! | ||
| More help at hand. All the back issues just a click away |
Modern computers (not just PCs) require administrator access to install certain types of device or program and perform certain actions, though running the program thereafter can usually done by any type of user. If installations and system driver alterations could effected by ordinary users, then you have no first-line defence to protect against malicious software and have to rely entirely on anti-virus programs in the background and other such defensive monitors. 
However the inconvenience of switching from user (restricted-level) access to administrator is easily overcome with a right-click and selecting "Run as ..." from the context-sensitive menu that pops up; you will probably need the user to look away while you type in the admin password. This way you can run through an entire installation as Administrator without logging out the user. The Admin-level installation session ends when the install is done and you return the user to their normal rights and current desktop undisturbed without further ado. Definitely a big time saver.
-IB-
|
Good read? |
| I | B | |
| ^ Back to contents ^ | ||||
|
Clicks of the Trade - fixing a USB stick 'no show'
--- Quick tips for happier clicks! --- | ||||
| More help at hand. All the back issues just a click away |
-IB-
|
Good read? | ||
| I | B | |||
^ Back to contents ^
Opinions expressed within InfoBulletin do not necessarily represent the views of Co-Operative Systems.
E&OE
|
^ Back to contents ^
|
|
Read recent and past issues of InfoBulletins on the Web at http://www.coopsys.net/ibindex.htm or search our archives and subject index.
We hope you found InfoBulletin useful! If you would like to comment on any of the articles or request particular subjects to be covered, mail us here.
|
||
