Open Development

I have long seen encryption as an increasing necessity in our digital lives, but until late, my excuse for not using it was that it was too much hassle to deal with! PGP is great, but PGP Desktop seemed a little bloated for my own purposes, took forever to load on startup, and (at least in my experience) was not very easy to setup with my Gmail + Outlook 2007 setup. The key to effective security, just as with any other precautionary measure, is that it must be convenient. Just the other day, a friend of mine introduced me to OpenPGP and a few graphical front-ends and plugins for Mozilla Thunderbird that make using Email and file encryption a piece of cake. For whole or partial drive encryption, TrueCrypt impressed me greatly.

Let’s begin with setting up Email encryption. Here’s what you need:

1. Mozilla Thunderbird, a light-weight but powerful alternative to Microsoft Outlook. By the makers of the Firefox web browser. You may also choose to use Outlook, but there seems to be a few hiccups between GnuPG4Win and the 2007 edition.
2. GNU Privacy Guard for Windows, a collection of open-source graphical encryption tools (including a shell extension) for the MS Windows operating system that act as a front-end to the daunting OpenPGP command line utilities.
3. Enigmail, a security plug-in for Thunderbird that allows effortless OpenPGP encryption

During the GnuPG4Win installation, you will be asked if you want to download and install extra components: I would recommend that you leave each checkbox checked to utilize the whole suite of tools. Once the installation is completed, you need to create a public and private key that will be used to encrypt your data: the public key is the key that you share with other, and the private key lets you decrypt messages encrypted with your public key (your contacts must use your public key to encrypt a message addressed to you, but they cannot decrypt it with the same key). To create your key, launch WinPT.exe and double-click on its system tray icon:

Figure 1: The Key Manager Window

On your first launch, you won’t see any keys listed, so launch the creation wizard (don’t forget to upload your public key to one of the public servers if you want your friends to be able to search for your key:

Figure 2: Creating Your Encryption Key

The wizard will ask you for your name, email address, and a strong password which it will use to create a strong 2-part PGP key containing your public and private key.

Figure 3: Uploading Your Key to the Public Server

Once you have a key to work with, go ahead and install Thunderbird and the Enigmail plug-in, and try out your new encryption system! Encrypting a message you are composing is as simple as clicking on the toolbar button. Here’s a few distinctive features that make Engmail pain-free and easy to use:

1. Automatic decryption – If an email is encrypted, Enigmail will ask you for the decryption password and retain it for 5 minutes.
2. Automatic Encryption upon Reply – Do you frequently tap out short emails back and forth with your colleagues that more closely resembles a chat? Don’t worry – Enigmail will automatically encrypt your replies if you respond to an incoming message that was encrypted.

Figure 4: Composing and Encrypting a Message

That’s all there is to it! More on TrueCrypt coming soon…

I find it enthralling and yet slightly amusing to see the recent trends by commercial software vendors to release copies of their software to students very cheaply or completely free, or even releasing new or existing code under open-source licenses. Top companies such as Microsoft and Adobe are giving away thousands of dollars of software to eager students such as myself who are incredulous at the opportunity. Microsoft’s DreamSpark program provides top-notch development tools (including Visual Studio Professional) to students, and Adobe allows students to download its cutting-edge Flex Builder without charge. Have these commercial vendors and corporate giants begun to see the light, or in Microsoft’s case, turned over a new leaf? I hope so!

The reality most likely is, however, that these companies are realizing that successful open-source software can be a lucrative endeavor. Not only does it enhance your company’s public image, who are now seen as community-friendly, harmless companies striving for the betterment of mankind, but free software can also (through some skillful marketing tactics) mean increased revenue. Take Google or Mozilla Firefox, for example. While very few will be successful in actually getting filthy rich off free software, more and more companies are realizing that it won’t hurt, either.

In fact, aside from the cost benefits, think of the strategy of allowing students — up-and-coming software developers, IT professionals, engineers, and scientists — to use top-of-the-line commercial software (and face it, we students will certainly grab free software while it’s up for the taking, even if it’s just for the thrill and attraction of getting something worth “thousands” for free). But it is dependence that these companies are counting on, and it is dependence that we must be concerned about. The “average” college student, presented with these tools, taught in the classroom using these tools, and eventually inducted into the workplace using the same tools, will certainly develop a dependence on the software unless he or she makes a concerted effort to experience, use, and support truly open-source alternatives.

I admit, I love using free software. As much as I advocate Linux, it is still reserved to a partition on my laptop’s hard drive that isn’t booted much these days. I find myself using Windows 90% of the time because of the efficiency that proprietary tools like Windows XP Professional, Microsoft Office, Camtasia Studio, Flex Builder, Visual Studio, and others provide. Most of these tools I use on a near-daily basis both for school and personal purposes. Sure, there are… alternatives; some good, some not-so-good, and I could switch completely to Linux if I had to, but I would miss out on great programs like OneNote 2007 (unless WINE becomes capable of emulating it) that I use daily for school. And free screencasting/video editing tools are improving but not nearly as efficient as their proprietary counterparts. But if open-source software remains in the limelight for some time to come, then its quality will certainly be enhanced.

The bottom line? I for one am grateful for the opportunity to use free, professional-grade tools at no cost, and am excited for the future of open-source and how it is encouraging competition in the commercial marketplace. But I think we need to be careful not to become too accustomed to the software to the point where it would be difficult or too much work to switch to and learn something else (like how I probably shouldn’t have tried OneNote at all in the first place!), and I remain cautiously optimistic about whether these corporations have the right motivations for releasing their products for free.

The Ultimate Steal: Office 2007 for $59.99
Microsoft DreamSpark
Adobe Flex Builder 3