
And This....

1 min read

Daring_Comic_Super_Password

...is why you should use strong passwords.  My guess:  the guy got a bunch of emails and passwords from other hacked databases and just tried them.  That or he just guessed easily guessable passwords.  Pick strong passwords.  Never reuse them.  Make them long and random.  Use a password application to remember them.

Link to the article about someone locking iThings and demanding a ransom.

Image from Gwyneth Anne Bronwynne Jones via flickr

Starbucks Caramel Drizzle

1 min read

Caramel Apple Spice

I like coffee.  I like to go have coffee.  My favorite place to go have coffee happens to be Starbucks...usually.  I like the fact that their coffee beans are nice and strong.  It makes the coffee flavor come through in a way that other places don't.  But, I'm confused.

My favorite drink is a Caramel Mocha.  Except for the time around Christmas when they have peppermint syrup, it is all I get.  Extra hot too...that way, I can sit and sip it.  But it gets made differently.  Just about all the time.  The part I really like is the caramel drizzle on top (like in the picture above).  I eat the whipped cream/caramel mixture and stir a bit into my drink.  But not everywhere puts it on.  And not every barista at my favorite cafe puts it on either.

Does anyone know why this is?  What do I need to do to make sure I get it?  Why the variance?

Image from David Moore via flickr

New ISP

1 min read

20131016_Sky 20131020_VPNSpeedTest
Sky (ISP No VPN) On StrongVPN

Well, we just signed up for Sky Fibre / Fiber.  It isn't really fiber to the house...but it is fiber to the cabinet. You can see the actual results above.  This is way different from our previous ADSL service.  But, on top of this, I run Strong VPN through a dedicated router.  I spent the best part of this week trying to sort out the problem.  I learned two things:

1) How to calculate the maximum theoretical speed of a wan link.  With my latency to the states, the max speed I can expect to the states is around 7Mbps.
2) I upgraded dd-wrt to a new version.  I'm not real sure what the difference was/is but it works better.  The connection is more stable and I get better, more reliable throughput.

[Update 2013-10-20 06:21:47] I finally got around to doing a speed test on the VPN that I think is representative of the speeds we really get.

Privacy Idea -- Step 3a

13 min read

This is part of my privacy series.  Main post is here.

I haven't written about steps 1 or 2 yet.  Step 1 is fairly easy:  get a server.  Right now, I have a VPS through 1and1 (the same company that currently hosts maxsons.org)

Step 2 doesn't make sense on a vps with limited disk space.  Although, part of me says I should try.  But, it may be easier with real disks so I'm planning to wait.

This is what I did to get OpenVPN installed and working.  YMMV.

Text in the Courier New font is what you should type in.
Text in the Comic Sans MS font is output.
Text in italics are notes.

No, I'm not going to show you how to SSH into your server, install putty, or use the command line ssh.  Go google those things. Ask if you need help (I won't not help) but I consider those things prerequisites for this howto.

  1. Since this is a new server, I ran "yum update" to make sure my server was up to date.  It was.
  2. I ran the command "passwd" and set the password for the root user to something strong
  3. run "cat /dev/net/tun" to make sure that my vps supported TUN (required for openVPN).  If this command returns "cat: /dev/net/tun: File descriptor in bad state", TUN is supported.
  4. "yum install nano".  Nano is a text editor on linux.  You can use anything you like.  The guides I reference below do all the installs at once with a -y at the end.  I don't trust computers (and you shouldn't either).  Read the output, make sure they are doing what you want and you understand what is going on!
  5. "yum install openssl" You need this package as a prerequisite for openVPN
  6. "yum install lzo" another prerequisite for openVPN
  7.  "yum install pam" yet another prereq
  8. At this point, I thought I could find an up-to-date rpm for openVPN and install it.  I only was installing the minimum I needed (or thought I needed).  I futzed around for a while here trying to find a binary and get it installed.  No luck.  I also futzed around adding some yum repositories to my config.  I did sort of succeed in getting a binary...but I kept getting an error:  Requires: libpkcs11-helper.so.1  I fiddle-farted around for a bit trying to solve that on its own.
  9. "yum install gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel" this command installs gcc; make; rpm-build; dev tools for zlib, pam, and openssl; along with autoconf.  This is a bunch of dev tools I was trying to avoid installing by simply getting binaries
  10. "wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm" this is the source rpm for lzo from openVPN
  11. "wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm" I have no idea but the instructions I was following said I needed it.
  12. "rpmbuild --rebuild lzo-1.08-4.rf.src.rpm" this rebuilds the lzo package I downloaded earlier into installable rpms.
  13. "rpm -Uvh lzo-*.rpm" this installs the lzo binaries
  14. "rpm -Uvh rpmforge-release*" this installs the rpm downloaded from rpmforge above
  15. "yum install openvpn" -- finally we get to install openVPN
  16. I ended up and got openVPN 2.3.2 which differs from 2.2.2 and earlier in a significant way:  it doesn't include the easy-rsa application used to generate keys.
  17. "yum install easy-rsa" will install this.  If you get an error, you'll probably need to run steps 18, 19, and 20
  18. "cd /etc/yum.repos.d"
  19. "wget http://repos.openvpn.net/repos/yum/conf/repos.openvpn.net-as-stable.repo"
  20. "wget http://repos.openvpn.net/repos/yum/conf/repos.openvpn.net-CentOS6-snapshots.repo"
  21. openVPN has been "installed" into /usr/share/doc/openvpn-2.3.2/
  22. easy-rsa has been "installed" into /usr/share/easy-rsa/
  23. copy the easy-rsa files into /etc/openvpn/:  "cp -r /usr/share/easy-rsa/* /etc/openvpn/"
  24. now go into that directory:  "cd /etc/openvpn/"
  25. you can edit the vars file.  it is used to set up the defaults you need to generate your keys.  I changed a few things.  This step is optional...but if you edit it, you can just go through some future steps hitting enter.
    export KEY_SIZE=2048                    # default was 1024.  Bigger is better
    export KEY_COUNTRY="XX"                 # your country
    export KEY_PROVINCE="XX"                # state
    export KEY_CITY="XXXXXXXX"              # city
    export KEY_ORG="XXXXXXXXX"              # organization
    export KEY_EMAIL="XXXXXX@XXXXXXXXX.XXX" # email
    export KEY_EMAIL=XXXXXX@XXXXXXXXX.XXX   # email again...no quotes
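  26. Now load it into your shell with "source ./vars".  Running it as "./vars" only sets the variables in a child shell, so the build scripts in the next steps would not see them.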
  27. Run "./clean-all" to make sure there's no junk around
  28. Run "./build-ca" to start the process of making your "master" certificate.  This will take a while since you are making a 2048 bit key.  Let it run.  Mine took about 5 min or so to finish
  29. When it finishes, build the key for your server "./build-key-server server"
  30. Build the keys for each client you want "./build-key client1"  You can replace client1 with whatever you want the client called.  It just needs to be unique
  31. Copy the sample server config file into /etc/openvpn/.  "cp /usr/share/doc/openvpn-2.3.2/sample-config-files/server.conf /etc/openvpn/server.conf"  When I did this at first, I put it into a subdirectory called conf.  Don't do this.  Just put your conf file into /etc/openvpn/.  This becomes important when it comes time to run it as a service.
  32. Now, edit the file "nano server.conf"
  33. You'll have to make some changes in the file.  Read the comments and everything should become clear.  Here's my file:
    -----

    #################################################
    # Sample OpenVPN 2.0 config file for #
    # multi-client server. #
    # #
    # This file is for the server side #
    # of a many-clients <-> one-server #
    # OpenVPN configuration. #
    # #
    # OpenVPN also supports #
    # single-machine <-> single-machine #
    # configurations (See the Examples page #
    # on the web site for more info). #
    # #
    # This config should work on Windows #
    # or Linux/BSD systems. Remember on #
    # Windows to quote pathnames and use #
    # double backslashes, e.g.: #
    # "C:\\Program Files\\OpenVPN\\config\\foo.key" #
    # #
    # Comments are preceded with '#' or ';' #
    #################################################

    # Which local IP address should OpenVPN
    # listen on? (optional)
    ;local a.b.c.d

    # Which TCP/UDP port should OpenVPN listen on?
    # If you want to run multiple OpenVPN instances
    # on the same machine, use a different port
    # number for each one. You will need to
    # open up this port on your firewall.
    port 1194

    # TCP or UDP server?
    ;proto tcp
    proto udp

    # "dev tun" will create a routed IP tunnel,
    # "dev tap" will create an ethernet tunnel.
    # Use "dev tap0" if you are ethernet bridging
    # and have precreated a tap0 virtual interface
    # and bridged it with your ethernet interface.
    # If you want to control access policies
    # over the VPN, you must create firewall
    # rules for the the TUN/TAP interface.
    # On non-Windows systems, you can give
    # an explicit unit number, such as tun0.
    # On Windows, use "dev-node" for this.
    # On most systems, the VPN will not function
    # unless you partially or fully disable
    # the firewall for the TUN/TAP interface.
    ;dev tap
    dev tun
    tun-mtu 1500
    tun-mtu-extra 32
    mssfix 1450

    # Windows needs the TAP-Win32 adapter name
    # from the Network Connections panel if you
    # have more than one. On XP SP2 or higher,
    # you may need to selectively disable the
    # Windows firewall for the TAP adapter.
    # Non-Windows systems usually don't need this.
    ;dev-node MyTap

    # SSL/TLS root certificate (ca), certificate
    # (cert), and private key (key). Each client
    # and the server must have their own cert and
    # key file. The server and all clients will
    # use the same ca file.
    #
    # See the "easy-rsa" directory for a series
    # of scripts for generating RSA certificates
    # and private keys. Remember to use
    # a unique Common Name for the server
    # and each of the client certificates.
    #
    # Any X509 key management system can be used.
    # OpenVPN can also use a PKCS #12 formatted key file
    # (see "pkcs12" directive in man page).
    ca /etc/openvpn/keys/ca.crt
    cert /etc/openvpn/keys/server.crt
    key /etc/openvpn/keys/server.key # This file should be kept secret

    # Diffie hellman parameters.
    # Generate your own with:
    # openssl dhparam -out dh1024.pem 1024
    # Substitute 2048 for 1024 if you are using
    # 2048 bit keys.
    dh /etc/openvpn/keys/dh2048.pem

    # Configure server mode and supply a VPN subnet
    # for OpenVPN to draw client addresses from.
    # The server will take 10.8.0.1 for itself,
    # the rest will be made available to clients.
    # Each client will be able to reach the server
    # on 10.8.0.1. Comment this line out if you are
    # ethernet bridging. See the man page for more info.
    ;server 10.8.0.0 255.255.255.0
    server 192.168.27.0 255.255.255.0

    # Maintain a record of client <-> virtual IP address
    # associations in this file. If OpenVPN goes down or
    # is restarted, reconnecting clients can be assigned
    # the same virtual IP address from the pool that was
    # previously assigned.
    ifconfig-pool-persist ipp.txt

    # Configure server mode for ethernet bridging.
    # You must first use your OS's bridging capability
    # to bridge the TAP interface with the ethernet
    # NIC interface. Then you must manually set the
    # IP/netmask on the bridge interface, here we
    # assume 10.8.0.4/255.255.255.0. Finally we
    # must set aside an IP range in this subnet
    # (start=10.8.0.50 end=10.8.0.100) to allocate
    # to connecting clients. Leave this line commented
    # out unless you are ethernet bridging.
    ;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100

    # Configure server mode for ethernet bridging
    # using a DHCP-proxy, where clients talk
    # to the OpenVPN server-side DHCP server
    # to receive their IP address allocation
    # and DNS server addresses. You must first use
    # your OS's bridging capability to bridge the TAP
    # interface with the ethernet NIC interface.
    # Note: this mode only works on clients (such as
    # Windows), where the client-side TAP adapter is
    # bound to a DHCP client.
    ;server-bridge

    # Push routes to the client to allow it
    # to reach other private subnets behind
    # the server. Remember that these
    # private subnets will also need
    # to know to route the OpenVPN client
    # address pool (10.8.0.0/255.255.255.0)
    # back to the OpenVPN server.
    ;push "route 192.168.10.0 255.255.255.0"
    ;push "route 192.168.20.0 255.255.255.0"

    # To assign specific IP addresses to specific
    # clients or if a connecting client has a private
    # subnet behind it that should also have VPN access,
    # use the subdirectory "ccd" for client-specific
    # configuration files (see man page for more info).

    # EXAMPLE: Suppose the client
    # having the certificate common name "Thelonious"
    # also has a small subnet behind his connecting
    # machine, such as 192.168.40.128/255.255.255.248.
    # First, uncomment out these lines:
    ;client-config-dir ccd
    ;route 192.168.40.128 255.255.255.248
    # Then create a file ccd/Thelonious with this line:
    # iroute 192.168.40.128 255.255.255.248
    # This will allow Thelonious' private subnet to
    # access the VPN. This example will only work
    # if you are routing, not bridging, i.e. you are
    # using "dev tun" and "server" directives.

    # EXAMPLE: Suppose you want to give
    # Thelonious a fixed VPN IP address of 10.9.0.1.
    # First uncomment out these lines:
    ;client-config-dir ccd
    ;route 10.9.0.0 255.255.255.252
    # Then add this line to ccd/Thelonious:
    # ifconfig-push 10.9.0.1 10.9.0.2

    # Suppose that you want to enable different
    # firewall access policies for different groups
    # of clients. There are two methods:
    # (1) Run multiple OpenVPN daemons, one for each
    # group, and firewall the TUN/TAP interface
    # for each group/daemon appropriately.
    # (2) (Advanced) Create a script to dynamically
    # modify the firewall in response to access
    # from different clients. See man
    # page for more info on learn-address script.
    ;learn-address ./script

    # If enabled, this directive will configure
    # all clients to redirect their default
    # network gateway through the VPN, causing
    # all IP traffic such as web browsing and
    # and DNS lookups to go through the VPN
    # (The OpenVPN server machine may need to NAT
    # or bridge the TUN/TAP interface to the internet
    # in order for this to work properly).
    push "redirect-gateway def1"

    # Certain Windows-specific network settings
    # can be pushed to clients, such as DNS
    # or WINS server addresses. CAVEAT:
    # http://openvpn.net/faq.html#dhcpcaveats
    # The addresses below refer to the public
    # DNS servers provided by opendns.com.
    push "dhcp-option DNS 208.67.222.222"
    push "dhcp-option DNS 208.67.220.220"

    # Uncomment this directive to allow different
    # clients to be able to "see" each other.
    # By default, clients will only see the server.
    # To force clients to only see the server, you
    # will also need to appropriately firewall the
    # server's TUN/TAP interface.
    ;client-to-client

    # Uncomment this directive if multiple clients
    # might connect with the same certificate/key
    # files or common names. This is recommended
    # only for testing purposes. For production use,
    # each client should have its own certificate/key
    # pair.
    #
    # IF YOU HAVE NOT GENERATED INDIVIDUAL
    # CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
    # EACH HAVING ITS OWN UNIQUE "COMMON NAME",
    # UNCOMMENT THIS LINE OUT.
    ;duplicate-cn

    # The keepalive directive causes ping-like
    # messages to be sent back and forth over
    # the link so that each side knows when
    # the other side has gone down.
    # Ping every 10 seconds, assume that remote
    # peer is down if no ping received during
    # a 120 second time period.
    keepalive 10 120

    # For extra security beyond that provided
    # by SSL/TLS, create an "HMAC firewall"
    # to help block DoS attacks and UDP port flooding.
    #
    # Generate with:
    # openvpn --genkey --secret ta.key
    #
    # The server and each client must have
    # a copy of this key.
    # The second parameter should be '0'
    # on the server and '1' on the clients.
    ;tls-auth ta.key 0 # This file is secret

    # Select a cryptographic cipher.
    # This config item must be copied to
    # the client config file as well.
    ;cipher BF-CBC # Blowfish (default)
    ;cipher AES-128-CBC # AES
    ;cipher DES-EDE3-CBC # Triple-DES

    # Enable compression on the VPN link.
    # If you enable it here, you must also
    # enable it in the client config file.
    comp-lzo

    # The maximum number of concurrently connected
    # clients we want to allow.
    max-clients 3

    # It's a good idea to reduce the OpenVPN
    # daemon's privileges after initialization.
    #
    # You can uncomment this out on
    # non-Windows systems.
    user nobody
    group nobody

    # The persist options will try to avoid
    # accessing certain resources on restart
    # that may no longer be accessible because
    # of the privilege downgrade.
    persist-key
    persist-tun

    # Output a short status file showing
    # current connections, truncated
    # and rewritten every minute.
    status openvpn-status.log

    # By default, log messages will go to the syslog (or
    # on Windows, if running as a service, they will go to
    # the "\Program Files\OpenVPN\log" directory).
    # Use log or log-append to override this default.
    # "log" will truncate the log file on OpenVPN startup,
    # while "log-append" will append to it. Use one
    # or the other (but not both).
    ;log openvpn.log
    ;log-append openvpn.log

    # Set the appropriate level of log
    # file verbosity.
    #
    # 0 is silent, except for fatal errors
    # 4 is reasonable for general usage
    # 5 and 6 can help to debug connection problems
    # 9 is extremely verbose
    verb 4

    # Silence repeating messages. At most 20
    # sequential messages of the same message
    # category will be output to the log.
    ;mute 20
    ----- 

  34. you can now run the server by "openvpn server.conf"
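
An added example, not part of the original post or of OpenVPN: a small Python check for a server.conf like the one in step 33, meant to be run before starting the daemon in step 34. It confirms that the ca, cert, key and dh files the config points to exist (the numbered steps above never show the dh file being generated), that the private key is not group- or world-readable, and it flags settings the sample file's own comments call out: tls-auth left off, the Blowfish default cipher, privilege drop, and duplicate-cn. SAMPLE_CONF, the finding codes and the function names are made up for this example.

```python
import os
import re
import shlex
import stat

# Constructed sample: the active lines of a server.conf like the one above.
SAMPLE_CONF = """\
port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key # This file should be kept secret
dh /etc/openvpn/keys/dh2048.pem
server 192.168.27.0 255.255.255.0
push "redirect-gateway def1"
;tls-auth ta.key 0 # This file is secret
;cipher AES-128-CBC # AES
comp-lzo
user nobody
group nobody
persist-key
persist-tun
verb 4
"""

DIRECTIVE = re.compile(r"^[a-z][a-z0-9-]*$")
# Blowfish and Triple-DES: the 64-bit-block ciphers named in the sample file.
SMALL_BLOCK_PREFIXES = ("BF-", "DES-")


def parse_conf(text):
    """Return (directives, stray): active directives as {name: [args, ...]}
    plus (lineno, line) pairs whose first token cannot be a directive name."""
    directives, stray = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":        # blank or commented out
            continue
        try:
            tokens = shlex.split(line, comments=True)  # drops trailing "# note"
        except ValueError:                     # unbalanced quotes
            tokens = [""]
        if not DIRECTIVE.match(tokens[0]):
            stray.append((lineno, line))
        else:
            directives.setdefault(tokens[0], []).append(tokens[1:])
    return directives, stray


def audit(text, base="/etc/openvpn", statfn=os.stat):
    """Return [(code, detail), ...] for problems found in a server.conf."""
    conf, stray = parse_conf(text)
    findings = [("stray-line", "line %d: %s" % item) for item in stray]

    for name in ("ca", "cert", "key", "dh"):
        args = conf.get(name, [[]])[-1]
        if not args:
            findings.append(("missing-" + name, "no '%s' directive" % name))
            continue
        # Assumption: OpenVPN is started from `base`, so relative paths
        # resolve there; absolute paths are used unchanged.
        path = os.path.join(base, args[0])
        try:
            mode = stat.S_IMODE(statfn(path).st_mode)
        except OSError:
            findings.append((name + "-not-found", path))
            continue
        if name == "key" and mode & 0o077:
            findings.append(("key-permissions",
                             "%s is mode %o, group/other bits set" % (path, mode)))

    if "tls-auth" not in conf:
        findings.append(("no-tls-auth", "HMAC firewall (tls-auth) not enabled"))

    # With no cipher line, the sample file states the default is BF-CBC.
    cipher = (conf.get("cipher", [[]])[-1] or ["BF-CBC"])[0]
    if cipher.upper().startswith(SMALL_BLOCK_PREFIXES):
        findings.append(("small-block-cipher", cipher))

    if "user" not in conf or "group" not in conf:
        findings.append(("no-privilege-drop", "daemon keeps root after startup"))
    if "duplicate-cn" in conf:
        findings.append(("duplicate-cn", "clients may share one certificate"))
    return findings


if __name__ == "__main__":
    for code, detail in audit(SAMPLE_CONF):
        print("%-20s %s" % (code, detail))
```

On the server, pass the real file instead of the sample: `audit(open("/etc/openvpn/server.conf").read())`.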

I'll do another post detailing firewall changes and then a third detailing client configuration.

References:

http://www.servermom.com/how-to-build-openvpn-server-on-centos-6-x/732/ -- main guide I used
http://www.webhostingtalk.com/showthread.php?t=1167872 -- another howto I used
http://openvpn.net/index.php/open-source/documentation/howto.html -- openVPN docs I referred to
http://wiki.centos.org/HowTos/Network/IPTables -- big BIG huge help with getting iptables set up right

[Update 2013-06-30 07:14:07] Edited step 34

[Update 2013-06-30 07:53:27] I've finished step 3b detailing firewall changes with iptables and starting the server as a daemon

For Father's Day

2 min read

Tassimo-T42sort med drik

Cyndi and the kids got me a Tassimo coffee machine.  Costa was running a special:  £30 for the machine.  I then got a £20 off my first order of coffee from their web store.  That works out to £0.50 (aka 50p) each for some hot chocolate I bought and £0.25 (25p) for a coffee/tea assortment.

Now, I've always wanted one of the all-in-one espresso machines; however, I wouldn't spend the money.  This offer for the tassimo made it within my price range.  So far, I've had the following drinks:

* Costa Americano
* Costa Latte
* Earl Grey Tea
* 100% Colombian

The one thing I've found is that the coffee is rather strong if I don't give it extra water.  At first, I was confused about how to do that.  The instructions seemed to indicate that you push the start button after the brew cycle for an extra "shot" of water.  Well, it turns out you have to push and hold the button and it "doses" hot water as long as you hold the button.

I give the machine 7 out of 10 overall.  I wouldn't have paid full price for it; however, the special made it a nice purchase. I think once my major order runs out, I'll buy my coffee direct from Costa.  I'll get costa points and give the Redhill store some traffic.

Image from Tassimo Danmark via flickr

Young Earth Creationism

3 min read

Hubble Spies a UFO

I've been to AIG's Creation Museum. I have a few posts about Young Earth Creationism and Intelligent Design. But, I've never really done a post about why I'm a YEC--Young Earth Creationist.  So, that is what this is.

First, I reject Darwinian monkey-to-man evolution because it is incompatible with the Bible.  Plain and simple, the Bible says that God created.  The Bible then goes on to say that God created kinds of animals that would reproduce within their own kind.  I also reject the idea of the big-bang or theistic evolution.  So, it should be fairly simple why I believe in the Creationism part of Young Earth Creationism.

Second, I reject old earth creationism because young earth is the simplest reading of the Bible text.  First, most forms of OEC (old-earth creationism) require some form of the day-age form of creation.  Just in case you don't know, day-age ideas say that each day in Genesis was actually a long period of time instead of a literal as we know it 24 hour day.  I believe that the days mentioned in Genesis were actual days.  Why?  Well, read it for yourself.  That is the simplest reading of the text.  Add to that, the Bible itself--in Genesis 5--tells us when people were born, how long they lived before their son was born, and then when they died.  Simple math there (and with other places in the Bible) will get you a figure of 6,000 to 10,000 for the age of the earth.

Third, small changes seen today (darwin's finches, the spotted moth, and others) are not a problem and are not evolution in the Darwinian monkey-to-man model.  As a YEC, I don't not believe that changes within kinds can happen.  They even explain the diversity seen today.  For example, from a medium-haired dog "kind" you can end up with short hair dogs, long-hair dogs, and poodles.  We see horses and donkeys produce mules.  Within "kinds" this can and does happen.

Fourth, I think that dating methods--carbon dating and the like--are based on assumptions that may or may not be the case (or may not have always been the case).  So, in carbon dating the amount of c14 is measured.  Based on the steady rate of change, scientists can determine an age (many other dating methods work the same).  This would be like you entering a room with a bathtub being filled at a steady rate and being asked to determine how long it had been being filled.  Sure, you could measure the rate of the water-flow, size of the container, and amount of water.  However, you couldn't determine what had happened before you entered the room.  What if the container started out 1/3 full?  What if the container had a small leak that was plugged in the past?  What if the flow was faster or slower in the past?  What if the temperature in the room were different  (so the evaporation rate was different)?  See where I'm going here?

Finally, a strong stand on YEC gives a "high" view of scripture.  This high view and little compromise makes it more likely that I'll keep a firm foundation on which to build other positions.  Meaning, I think this position doesn't compromise any Biblical position while others (theistic evolution, day age theory, etc...) cause compromise.

If you want more reading, check out this page on the Answers in Genesis website.

Image from NASA Goddard Photo and Video via flickr

Authentication

2 min read

Passwords are like Pants...

I assume this is ok to mention (meaning I don't think the bad guys can get anywhere with it).  At the start of 2011, Google introduced two-factor authentication.  Over the summer, I enabled it for my Google account.  What's the difference or extra?  I'm glad you asked.

Basically, two-factor authentication is based on two "things."  In my case, it is something I know--my password--and something I have--a code from Google.  When I attempt to login using a google account, I am not only asked for my id and password, but I get prompted for a verification code.  Where do I get the code?  Google has an app that I installed on my phone that generates them.  So, not only do I have to have my keypass (what I use to generate strong passwords) but I also have to have my mobile phone.

So far, the only problem this has caused was when I tried to sign-on using Google's stand-alone talk application.  I spent a good 30 min trying to figure out why I couldn't log in.  I was trying to sign-on with a google app account so at first I thought that was the problem (it looked like it was stripping off my domain).  After some Googling, I decided I needed to give up and get back to work.  The next day, I decided to give it another go.  This time, I remembered that Google offers to generate application specific passwords for things that aren't two-factor compliant.  I generated a new one and, sure enough, it connected straightaway.

If you want to know what I did to enable two-factor authentication, let me know, and I'll post a HOWTO.

Image from Richard Parmiter via flickr

HOWTO -- Encrypt your e-mail with Thunderbird, Enigmail, and GNUPG

8 min read

Everyone should be encrypting all of their e-mail.  Why?  Well, let me ask you a question....would you write your wife, husband, sweetheart, etc... a message on a post card?  Why not?  Because everyone can read it, right?!  So, how would you send it?  You'd write it on paper and put it in an envelope, right?  Well, email is just like the post card.  Left unencrypted, it is just like the post card...anyone can read it.  Encryption works like an envelope so to speak.  It lets you pack it up so people who come across the message in transit on the internet can't read it (just like the letter).  Just like the envelope, it can be opened...it just takes lots of time to discover the key and decrypt it.

Need more reasons?  Check out this article.

If you are interested, read more .....

[Update 09-29-2010 17:05:47] Check out this post on another reason you should be encrypting your e-mail (and everything else)

Image of the lock is from Daniel Y. Go via flickr.  Other images below are screenshots by me.

[Prerequisites] [Configuring Thunderbird] [Installing GNUPG] [Installing Enigmail] [Configuring Enigmail] [Adding Keys from Others] [Uploading Your Key] [Setting Up Per-recipient Rules in Enigmail] [Reading Encrypted Email]


Note, you can click any of the pictures below to get taken to larger ones. From there, you can get even larger--read original size--images

Ok...before I start with this HOWTO, here are some prerequisites:

0) I assume you are using windows PC.
1) I assume you aren't using Thunderbird or any other email client that you check your e-mail with
2) I assume you don't use email encryption at the moment and have never messed with it.
3) You need to have an e-mail account you can check with an e-mail client. If you don't have one, you can get one from google easily here.
4) Download Thunderbird and run through the installer. An existing installation of Thunderbird can be used.
5) Download GNUPG.

The download page is here. You can either scroll down to the BINARIES section, look for "GnuPG 1.4.10b compiled for Microsoft Windows," and then click on the FTP link to the right to download.
Or you can just click this link to download the file.

 


Configuring Thunderbird

(Note, in the screenshots below, I am using the 3.0.4 PortableApps version for my screenshots)

1) Launch Thunderbird.

2) Enter the information requested in the box and click continue.
ThunderbirdStep01-SetupAccount

3) Wait while Thunderbird determines your settings
ThunderbirdStep02-VerifyAccount

4) Click create account (assuming everything is correct)

5) The screen will refresh and look like this. You can verify everything is ok by clicking the Read Messages link.
ThunderbirdStep03-MainAccountWindow

6) Thunderbird setup is complete.


Installing GNUPG

1) If you haven't done so already, download GNUPG.

The download page is here. You can either scroll down to the BINARIES section, look for "GnuPG 1.4.10b compiled for Microsoft Windows," and then click on the FTP link to the right to download.
Or you can just click this link to download the file.

 

2) Find the file you downloaded and double click it. It will show up as either gnupg-w32cli-1.4.10b.exe or gnupg-w32cli-1.4.10b

3) Click the next button
GNUPGStep01

4) Click next again to agree to the license terms
GNUPGStep02

5) Click next again (accept all packages as shown in the screenshot)
GNUPGStep03

6) Click next after verifying en-English is selected (unless you speak a different language)
GNUPGStep04

7) Choose your install path. Usually the default will work ok (c:\Program Files\GNU\GNUPG); however, in the instance below, I picked to install it to my thumbdrive (k:)
GNUPGStep05

8) Click next (this screen creates a menu in your start menu)
GNUPGStep06

9) wait while the program installs
GNUPGStep07

10) When it is done, click next
GNUPGStep08

11) Uncheck the Show Readme checkbox and click finish
GNUPGStep09

12) Installation of GNUPG is done


Installing Enigmail

1) Go to the Enigmail homepage

2) Find the download section of the homepage (in the screenshot below, it is in the top left section of the page and says "v1.0.1 for Windows (32-bit)")
Enigmail01

3) Right-click the link and copy the URL to your clipboard. In Firefox, choose the "Copy Link Location" option. In Internet Explorer, choose "Copy Shortcut." In Google Chrome, choose "Copy Link Address."

4) Go back to Thunderbird and click Tools -> Addons
Enigmail02

5) Click the Install button
Enigmail03

6) In the filename box, paste (hit the ctrl key + v at the same time) what is on your clipboard. It should look something like this
Enigmail04

7) Click the open button

8) Wait while the file is downloaded. When the window refreshes, click the Install Now button
Enigmail05

9) Click the restart thunderbird button
Enigmail06

10) Wait while Thunderbird restarts. When it does, Enigmail will be installed


Configuring Enigmail

1) Go to OpenPGP->Setup Wizard
Enigmail07

2) Choose "Yes I would like the wizard to get me started" and click Next
Enigmail08

3) Choose "Yes I want to sign all of my e-mail" and click Next
Enigmail09

4) Choose "No, I will create per-recipient rules for those that send me their public key" and click Next
Enigmail10

5) Make sure yes is selected and click next (this will make some configuration changes to Thunderbird to make sure encryption works well)
Enigmail11

6) Enter a passphrase. Pick something nice and strong. Here, here, and here are some rules for creating strong passwords
Enigmail12

7) Click the Next button

8) Click the next button when presented with the summary
Enigmail13

9) Click next to generate your key
Enigmail14

10) Wait while your key is made

11) Click the finish button
Enigmail15


Adding Keys from Others

1) Open up Thunderbird

2) Choose OpenPGP->Key Management from the menu
Enigmail16

3) Choose Keyserver->Search for Keys in the OpenPGP Key Management Window
KeyManagement01

4) Enter your search criteria into the Search for Key box and hit ok. You can use name, email address, or a partial match. If you want to search for my key, use my e-mail address mjncj@maxsons.org
KeyManagement02

5) Results are shown like this. For any keys you want to import, make sure the checkbox is checked then click the ok button
KeyManagement04

6) You'll get a message that the keys were imported. Click ok
KeyManagement05

7) If you want to see the keys you have, click the display all keys by default checkbox
KeyManagement06

8) Click the X to close the window.


Uploading Your Key

1) Open up Thunderbird

2) Choose OpenPGP->Key Management from the menu
UploadingKeys01

3) Highlight your key
UploadingKeys02

4) Go to Keyserver->Upload Public Keys
UploadingKeys03

5) Hit the OK button to upload using the default keyserver
UploadingKeys04

6) The key will upload
UploadingKeys05

7) Now you can simply close the Key Management window and people can find your public key to send you e-mail.


Setting Up Per-recipient Rules in Enigmail

1) Open up Thunderbird

2) Choose OpenPGP->Preferences from the menu
AddingRules01

3) Click the Display Expert Settings Button
AddingRules02

4) Go to the Key Selection tab and click the Edit Rules button
AddingRules03

5) Click the add button in the new window that pops up
AddingRules04

6) Fill out the window like:

Set OpenPGP Rules for: enter the person's email address
Apply Rule if Recipient: is exactly
Use the following keys: see steps 7 and 8
Signing: choose Always from the dropdown
Encryption: choose Always from the dropdown

7) To choose the keys, hit the Select Key(s) button
AddingRules05

8) A new window will open. Check the checkbox next to the person's key you want to use. Also, select your key! IF YOU DO NOT, you will not be able to read any e-mail you send to this person.
AddingRules06

9) If you want to set a rule to encrypt your e-mail to me, it would look like this:
AddingRules07

10) Click the ok button. Then, click the ok button two more times (once for the key management window and once for the OpenPGP preferences window). You will return to Thunderbird.

11) Test it out and send someone an e-mail.

12) You should type the e-mail just like normal. When you click the send button, it should ask for your password. Enter the password entered in the Configuring Enigmail section #6
EncryptingEmail01
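
Why step 8 above insists on selecting your own key as well, shown with the gpg command line that Enigmail drives underneath. This is an added example, not part of the original instructions; it assumes GnuPG 2.1 or later, and the function names, Alice, Bob and the example.org addresses are made up for the demonstration.

```shell
# Added example (not from the original post). Requires GnuPG 2.1 or later.
# Names, addresses and the message are constructed; keyrings are throwaway.

# Run gpg non-interactively against the keyring directory given as $1.
g() {
    home=$1; shift
    gpg --homedir "$home" --batch --quiet --no-tty --pinentry-mode loopback \
        --passphrase '' --trust-model always "$@"
}

# Print "readable" if the keyring in $1 holds a private key that opens file $2.
can_read() {
    if g "$1" --decrypt "$2" >/dev/null 2>&1; then echo readable; else echo unreadable; fi
}

encrypt_to_self_demo() {
    work=$(mktemp -d) || return 1
    alice="$work/alice"; bob="$work/bob"   # sender's and recipient's keyrings
    mkdir -m 700 "$alice" "$bob"

    # Each person makes a key pair (empty passphrase: demo only).
    g "$alice" --quick-generate-key 'Alice <alice@example.org>' default default never 2>/dev/null
    g "$bob" --quick-generate-key 'Bob <bob@example.org>' default default never 2>/dev/null

    # Alice gets Bob's PUBLIC key, as the keyserver import does.
    # --trust-model always (in g) skips key validation; demo shortcut only.
    g "$bob" --armor --export bob@example.org | g "$alice" --import 2>/dev/null

    echo 'meet at noon' > "$work/msg.txt"

    # Rule lists Bob's key only: the sender cannot open her own sent mail.
    g "$alice" -o "$work/bob-only.gpg" -r bob@example.org --encrypt "$work/msg.txt"
    # Rule lists Bob's key AND Alice's own key, as step 8 instructs.
    g "$alice" -o "$work/both.gpg" -r bob@example.org -r alice@example.org \
        --encrypt "$work/msg.txt"

    r1=$(can_read "$alice" "$work/bob-only.gpg")
    r2=$(can_read "$alice" "$work/both.gpg")
    r3=$(can_read "$bob" "$work/bob-only.gpg")

    gpgconf --homedir "$alice" --kill gpg-agent 2>/dev/null || true
    gpgconf --homedir "$bob" --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
    echo "sender/bob-only=$r1 sender/both=$r2 recipient/bob-only=$r3"
}
```

Calling encrypt_to_self_demo prints one line: the sender cannot read the copy encrypted to the recipient alone, but can read the copy encrypted to both keys.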


Reading Encrypted Email

1) Launch Thunderbird

2) When you are looking at e-mail in your inbox, there is nothing that tells you it is encrypted or not.
EncryptingEmail02

3) However, when you go to open an encrypted message, you will be prompted for your password. Enter it and you will see the message like normal.
EncryptingEmail01

4) Once it is open, you should see this
EncryptingEmail03

5) Take a look at the green bar at the top. Green is Good...red is dead so to speak. It tells you that the message is encrypted and everything is ok. If you don't see this bar, then the e-mail hasn't been encrypted.
EncryptingEmail04

If you have questions about any of this, contact me.

[Update 04-11-2010 07:10] I've added instructions on uploading your key to a keyserver with pictures. They can be found in the Uploading Your Key section.

[Update 04-10-2010 17:10:39] I had someone follow the instructions above and send me an e-mail.  But, I forgot to write instructions on uploading your key to a key server so people can send you encrypted e-mail.  I'll follow with some pictures later, but here are the steps:

Open Thunderbird
Go to OpenPGP->Key Management
Pick your key
Go to keyserver->upload public key
Hit ok.

[Update 2012-12-26 10:12:00] Edited some incorrect links

Is English really Easy?

2 min read

Of course I happen to think so (just like Serbs think that Serbian is easy, Arabs think Arabic is easy, and Chinese think Chinese is easy).  But, I got this in the e-mail today and thought I would post it.  What do you think, no?

Can you read these right the first time?

1) The bandage was wound around the wound.
2) The farm was used to produce produce.
3) The dump was so full that it had to refuse more refuse.
4) We must polish the Polish furniture.
5) He could lead if he would get the lead out.
6) The soldier decided to desert his dessert in the desert.
7) Since there is no time like the present, he thought it was time to present the present.
8) A bass was painted on the head of the bass drum.
9) When shot at, the dove dove into the bushes.
10) I did not object to the object.
11) The insurance was invalid for the invalid.
12) There was a row among the oarsmen about how to row.
13) They were too close to the door to close it.
14) The buck does funny things when the does are present.
15) A seamstress and a sewer fell down into a sewer line.
16) To help with planting, the farmer taught his sow to sow.
17) The wind was too strong to wind the sail.
18) Upon seeing the tear in the painting I shed a tear.
19) I had to subject the subject to a series of tests.
20) How can I intimate this to my most intimate friend?
21) The archer shot an arrow from his bow to the bow of the ship.