Vendors must start adding physical on/off switches to devices that can spy on us

Where's my webcam's off switch?

Have you ever noticed that your webcam doesn't have an "off" switch? I looked on Amazon, and I couldn't find any webcams for sale that had a simple on/off switch. I thought I found one, but it turned out just to have a light that turns on when the camera is in use, and off when not—not a physical switch you can press or slide.

The "clever" solution is supposed to be webcam covers (something Mark Zuckerberg had a hand in popularizing); you can even get a webcam (or a laptop) with such a cover built in. How convenient! I've used tape, which works fine.

But a cover doesn't cover up the microphone, which could be turned on without your knowledge. Oh, you think that's impossible? Here are some handy instructions. Or maybe you'll say you're not paranoid—it's not a serious problem? Don't be so naive, said the FBI seven years ago (they're worried about predators stalking children), and the Atlantic, and USA Today more recently. The issue isn't going away. With hacking skills growing more common, the problem has surely grown, if anything, more dire.

Another "clever" solution is to use a software off switch, like this (for Windows). But it simply turns your webcam's driver on and off. Of course, it's not too hard for a sufficiently skilled hacker to turn your driver back on and start recording you without your knowledge.

For USB devices, you can use a USB off switch like this, which seems like a good idea; but it doesn't solve the problem for devices with built-in cameras and microphones like laptops and smart phones.

Do any computer cameras with "off" switches (not just covers) exist? They seem to be very rare at best, but I was able to find one: the company building a Linux phone, Purism, has a whole page devoted to the joys and wonders of its off switch—which is kind of ridiculous, if you think about it. The humble "off" switch is now high technology. It is a significant selling point for the single device that I could find that comes equipped with one.

(By the way, I have absolutely no relationship to Purism. I write about them because their focus is privacy and I've been writing a lot about privacy.)

The kill switch on Purism's Librem laptop (c) Purism 2019

Your phone has the same problem, you know

Tape over the webcam? Covers to disable the functionality we paid for? Why on earth do we go to these lengths when hardware vendors could simply sell their products with off switches? The more I think about it, the more I find it utterly bizarre. Don't these companies care?

I've just been talking about webcams, but let's talk about the really horrible spy devices: your smart phone. Oh, your Android phone can't be hacked? Here are some handy video instructions, viewed over 300,000 times and upvoted 1,100 times. Surely not your iPhone? Don't be so confident; hackers are very creative, as (for example) the Daily Mail has reported, and besides, Apple is proud of its patent allowing remote control of iPhone cameras.

Besides, it's been known since at least 2014 that the NSA had developed, as early as 2008, software to remotely access anybody's phone.

And yet there isn't a hardware off switch for your phone's camera and microphone, short of turning the device entirely off (but there's an app to turn the camera off). A device equipped with a hardware "off" switch for the camera and microphone isn't yet on the market, as far as I know. Purism is making one.

It's not just your webcam and your phone that you need to worry about, by the way. Do you have a smart speaker? At least you can mute Amazon Echo's microphone, and it's apparently a hardware switch, too, so well done, Jeff Bezos. That's important, if true, because it prevents software exploits. I found no word on whether Google Home's and Apple HomePod's mute buttons are hardware switches; maybe not. How about a surveillance or doorbell camera? How about your smart TV? Those can be hacked too, of course, and some of them are always listening. Wouldn't it be nice to have the peace of mind that they aren't listening to you when you're not using the TV?

In short, what if you want to turn these devices' cameras and microphones off sometimes, for some perfectly legitimate reason? Can you do so in a trustworthy, hardware-based way? In most cases, for most devices, the answer is No.

Let's demand that hardware vendors build hardware "off" switches

It's almost as if the vendors of common, must-have devices want to make it possible to spy on us. An enterprising journalist should ask why they don't make such switches. They certainly have deliberately made it hard for us to stop being spied upon—even though we're their customers. Think about that. We're their bread and butter, and we're increasingly and rightly concerned about our security. Yet they keep selling us these insecure devices. That's just weird, isn't it? What the hell is going on?

But this, you might say, is both paranoid and unfair. Surely the vendors don't intend to spy on you. Why would they add an off switch when nobody will turn your camera and microphone on without your consent?

But, as I already said, it's a hard, cold fact that hackers and government and corporate spies can and sometimes do turn our cameras and microphones on without our consent. This isn't controversial and, for anybody who is slightly plugged-in, shouldn't be surprising. Security experts have known that, for many years, regardless of the intentions of hardware vendors like Logitech and Apple and large software vendors like Skype and Snapchat, the hardware, firmware, and software that run our devices just are susceptible to hacking. It's just a fact, and we are right to be concerned. So these companies are responsible for building and selling insecure systems. At a minimum, they could be made significantly more secure with a tiny bit of hardware: the humble "off" switch.

If your webcam, or your phone, or any other device with an Internet-connected camera or microphone (think about how many you own) has ever been hacked, these companies are partly to blame if it was always-on by design. They have a duty to worry about how their products make their users less secure. They haven't been doing this duty.

It starts with us. We the consumers need to care more about our privacy and security. We're not powerless here. In fact, we could demand that they give us an off switch.

I think we consumers should demand that webcams, smart phones, smart speakers, and laptop cameras and microphones—and any other devices with cameras and microphones that are connected to the Internet—be built with hardware "off" switches that make it impossible for the camera and microphone to be operated.

Do you agree?


How I chose a NAS

A network-attached storage (NAS) device is your own Internet server device. It's your very own cloud! I decided to get one for my own reasons. But which, and configured how, exactly? Here's what I came up with for myself.


A NAS server (credit to Bin im Garten on Wikimedia Commons, CC by-sa 3.0)

After dropping Dropbox, and then ditching Resilio Sync, I decided to get a NAS. To pull this off, it seemed to me I had to answer the following questions:

  1. Type of server. Should I roll my own personal server using Nextcloud (or OwnCloud; but probably Nextcloud) on Linux, with a regular web server (device/box/CPU), or get a NAS server instead?
  2. Server software. Assuming the actual box I purchase is a NAS, should I go with the proprietary software installed on the box (of any kind), or install Nextcloud and plan to use those features?
  3. NAS vendor. There are actually two closely related questions here. (a) Which brand of NAS box should I purchase if I do decide to use proprietary server software for the NAS? (b) Which proprietary server software do I prefer, regardless of the box? It is the combination of the two questions that would determine which vendor I'd purchase from.
  4. RAID/drive configuration. This also has two closely-related questions. (a) What RAID configuration should I plan to set up? (b) How many bays should I plan to get? In other words, how many drives will the server have, and how will they function together to serve as automatic backup or redundancy?
  5. Beefiness. How much machine do I need?
  6. Drives. Which drives should I put into the NAS bays?

Answering these questions helped me decide which box I would purchase. But because these are some difficult-sounding and (to me) unfamiliar questions, I decided first to get to the nut of the issue. After all, I did already know why I wanted a NAS and what some of my requirements were.

I wanted a NAS (as I said) first and foremost as a replacement for Dropbox. I actually didn't have very much data in Dropbox; I had more (over 500 GB) on my hard drive, backed up to an external drive. If I felt more confident about my data storage, backup, and long-term continuation strategies, I might digitize (or pay a kid to) a hell of a lot more of my data. (10 GB per DVD/Blu-Ray at ~200? disks = 2 TB. Could be doable!) So it might be a good idea to err on the side of lots of space.

But the thing that pushed me to a NAS solution, over syncing all my devices directly such as Resilio accomplishes, is the availability of lots of awesome personal cloud software, for things like calendar, contacts, and who knows, maybe even email. (I finally called my current mail hosting provider. They don't encrypt my mail on their servers. They can quite easily read my mail. I don't think they do, but I have to trust them. Sucks to have to trust them. But I will probably not try hosting my own email; that's really hard to get right.) Since Synology has so much decent software (so it appears; check out their packages list and demo), that eventually inclined me toward them. Any NAS should also let you install and run Nextcloud, which is open source and has a boatload of similar free software for your personal home server.

Now, if I was going to put mission-critical things like calendars (which need to be up-to-date!) and shared/collaborative documents on this server, then I should also have a sufficiently beefy and fast machine. (I also upgraded my Internet connection to the fastest home connection.) One of the differences between Synology and QNAP is that the latter is supposed to be stronger on hardware specs but weaker on software functionality (maybe). That was bothersome, because I wanted both to be awesome.

All right then—how did I answer the questions?

Type of server

Question: Should I roll my own personal server using Nextcloud (or OwnCloud; but probably Nextcloud) on Linux, with a regular web server (device/box/CPU), or get a NAS device instead?

This one was easy to dispatch. It looked to me as if, supposing I tried to set up my own server, then running Nextcloud on it wouldn't be the hard part; running a good old-fashioned server would be. I'd have to make time to learn good old-fashioned server administration, which would be hard even if I ran FreeNAS, an open source operating system for self-built NASes. And even if I wanted to do that (server administration would be a cool skill to have), if I don't have to learn all that, because NASes solve all these problems for me, then I don't wanna.

Now, if I were still a poor student or a full time developer/engineer, maybe I'd be rolling my own. But since I can afford to let someone else do all the hard server setup work, I reasoned, I will.

So, I said, forget that noise. It's a NAS for me, period.

Server software

Question: Assuming the actual box I purchase is a NAS, should I go with the proprietary software installed on the box (of any kind), or install Nextcloud and plan to use those features?

When I first wrote the above questions, I was laboring under the false assumption that I would have to choose between the Nextcloud suite of server applications and whatever Synology or QNAP offered. But this is false. You can run both on the same NAS!

There are a number of guides online to installing Nextcloud on Synology and on QNAP. So if I want the functionality that Nextcloud offers, because Synology, QNAP, or any other NAS doesn't cut the mustard, then I can always do that.

My biggest misgiving, to be honest, is that companies like Synology and QNAP don't always seem to have the user's privacy foremost in mind, but they're better than most. (I found this discussion of the issue useful.) Certain apps and support might require that the vendor will have some access to your data. But this is the price you pay for not using free software; as far as I know, the only way to absolutely guarantee the privacy of your information is if you enjoy total ownership over your hardware and software. But in this case, it involves developing skills (server administration) that I just don't have time for these days. So I'll just have to be careful and conscientious in what information I give to the vendor, what I install, what privacy issues it has, etc.

Besides, I figured, I could always install and run Nextcloud on the device, and that's open source. So maybe that was OK.

As this was a question I didn't have to answer yet, I decided to kick it down the road.

NAS vendor

Question: There are actually two closely related questions here. (a) Which brand of NAS box should I purchase if I do decide to use proprietary server software for the NAS? (b) Which proprietary server software do I prefer, regardless of the box? It is the combination of the two questions that would determine which vendor I'd purchase from.

This was the first question that I couldn't quickly gloss over. Given that I knew I'd be buying a NAS, it followed that I'd be buying a machine that is already set up with its own operating system and, in the cases I'm most interested in, support for the suite of cloud apps I'm after (actually pure Linux NAS systems are available, but strangely expensive).

I had a few desiderata here:

  • Must have strong privacy and security policies and practices. The biggest reason to get a NAS, for me, is to avoid the privacy and security issues associated with hosting my data in a shared public cloud like Dropbox. So the operating system had better not phone home, the way Windows and Mac do, and the software should generally have strong privacy practices. Strong plus if data encryption features and two-factor authentication are built in and automatic or easy to implement.
  • Must be fast and powerful enough for daily use. I'm not sure how powerful it has to be, and it certainly depends on my Internet connection. But the bottom line is that syncing should not take forever, I shouldn't have to constantly wait for things like calendar entries to update, chat apps shouldn't be laggy, photos should upload and download reasonably fast so my family and I can use the server, etc.
  • Software in the ecosystem must be feature-rich and easy-to-use. Assuming it makes sense to make generalizations about the software ecosystem of a vendor, the software should be advanced and "ready for prime time," or as much as possible. For example, the syncing software should enable me to restore old versions that were mistakenly deleted. I should be able to share files with fine-grained permissions. The office collaboration apps (Google Docs/Sheets replacement) should offer real-time updating without significant edit conflicts. Updating the system should be automatic, i.e., as easy as it is to update Ubuntu (more or less automatic, if that's what I want, as it happens to be).
  • Prefer good reputation and reviews. Specs count for a lot, but so do reviews and reputation.

There are, essentially, two top NAS vendors that everybody talks about: Synology and QNAP. There are other vendors, to be sure, including (not a complete list) Asustor, TerraMaster, Netgear, and WD. But Synology and QNAP seem to be the gold standard, and since I had no desire to spend many hours or days looking over the differences between all the others, I initially narrowed down my choice to these two.

In my travels around the Internet, I found that Synology is marketed and thought of as being a home solution for the average reasonably technical user—or perhaps just for anybody who values UX highly, regardless of skill level. (I don't really know.) It apparently has an emphasis on simplicity and usability—the demo linked above gives great evidence of that—but sometimes (so I read) at the expense of configurability or choice. Synology puts more money into software than hardware, according to one prolific NAS reviewer; for the same money, a Synology box has more usable software but less satisfying hardware stats and overall speed than QNAP.

QNAP is sometimes portrayed as being more of a solution for more technical users, for whatever that's worth. While both ecosystems are based on Linux (and therefore presumably very configurable at some level), QNAP is again reputedly more configurable and speedier. It also has more apps available—but the apps are also sometimes a bit dodgier, or so I read. All of that sounds like Linux to me, frankly; but QNAP is actually more often compared to Windows and Android. Whatever, such comparisons are surely of limited value.

On this limited basis, being someone on the techier side who likes configurability, I was initially inclined toward QNAP. But on second and third thoughts, I heard a lot of breathless praise for Synology and the quality of its apps, including from some very technical people. And after all, I really care about software quality. Synology advocates say that its software "just works"—hugely important. A random person on Reddit replied to me saying, "From personal experience I run both Synology and QNAP devices and have done for several years. Synology has more robust software, generally more stable and less security flaws. QNAP provides faster hardware for the same money."

Reddit commenters seem to be fairly evenly divided between the brands, and machines from both brands are similarly rated 4 to 4.5 stars on Amazon.

I decided in the end to go with Synology. Usability is key. But I'd probably be about as happy with QNAP.

RAID/drive configuration

Question: This also has two closely-related questions. (a) What RAID configuration should I plan to set up? (b) How many bays should I plan to get? In other words, how many drives will the server have, and how will they function together to serve as automatic backup or redundancy?

A few different technical observers have said that one should err on the side of many bays, and that two is a definite non-starter. Why? Because two bays won't give you enough space unless you use a no-RAID setup, and part of the beauty of a NAS is that it has RAID support built in. (RAID, in case you didn't know, is an acronym for "Redundant Array of Independent Disks," and it is the practice of mirroring, and otherwise intelligently managing, data across several disks. It isn't the same as backup, but it can save you from losing data, so it can be a useful part of an overall backup plan.)

On the other hand, I don't have that much data, to be honest. Since Synology is expandable, I didn't go crazy and get a hell of a lot more space than I need—just a lot more than I need. For my personal, family, and modest business needs, I decided to get a five-bay device (it would have been four bays, but a five-bay device had double the RAM) and put three 2 TB drives in it. According to Synology's RAID calculator, this gives me something less than 4 TB of usable space, which is a lot for me. If I really wanted to rip all my movies, I'd have more than enough room. I can always add more drives and increase the size of the drives, too.

As far as which RAID configuration to use, since I've decided to go with Synology, I didn't even need to think about which kind to use: I just went with the cool "Synology Hybrid RAID" (SHR) setup. I don't understand it very well myself, except that it's supposed to be better than traditional RAID configurations for most uses.

Beefiness

Question: How much machine do I need?

When I sat down to figure out "how much machine I need," assuming I was going to get a Synology with four (or five) bays, I asked the Synology subreddit for help and the respondents generally said to just go ahead and get the beefiest four-bay machine. It was well within my price range and good value for the money, a couple people said. I asked a related question on r/HomeServer, where the DIY geeks tried but failed to make me feel guilty for not building my own server. (I did learn that I should choose my forums more carefully, though; and that, indeed, I might want to build my own server eventually, or have my son do it for me.)

A higher-end machine seemed necessary if I wanted to support (a) several simultaneous connections, (b) non-laggy real-time collaborative editing, (c) video streaming (seems like a good idea if the device is capable of it), (d) several apps/server processes running simultaneously.

So I decided to get the option with the most powerful processor (quad core Intel) and most RAM without actually voiding the warranty, and that ended up being this one.

Drives

Almost done! Last question: Which drives should I put into the NAS bays?

I have absolutely nothing intelligent to say on this one. I'll just share my conclusions. There are two main brands and models touted for NAS devices: Seagate IronWolf and Western Digital Red. Mostly because someone at Micro Center recommended them, I went with the Seagate IronWolf. You can also choose the slower or faster versions; I got the faster-rated "Pro" version because disk access speed might actually improve the speed of response from my NAS when I'm out and about.

Conclusion

Wish me luck. The NAS and drives should arrive next week, and then I'll look forward to installing them on my network. I'll be getting a new router, too. (You should have a fast, secure, and modern router for a NAS, I gather, but I won't bore you with my ruminations on that.) All of that shouldn't take long. Rather longer will be the installation of the many and various NAS apps (and corresponding mobile apps) I'll need, along with the upgrading of my contacts, calendar, and of course my file sync program. The longest part of that process will probably be the actual copying of data from my computer's drives to the NAS. Hopefully, I won't have too much trouble converting my data folders, now associated with Resilio Sync (and earlier, with Dropbox) to whatever the Synology app I use on my computers and phone.

Another necessary step will be to set up a zero-knowledge cloud backup—one that is strictly a backup, with no sync, no file access, no nothing but encrypted data storage. Should be fairly cheap (much cheaper than syncing services like Dropbox).

And another thing: I'll have to really lock down the NAS, since so much important info will be on it. Fortunately, Synology does have a lot of tools for doing that.

And another: I might want to route all outbound traffic from my NAS through a VPN. That's possible. (You can also use the NAS itself as a VPN node, but I'm not sure why, if you've already got a VPN to use; maybe a reader can tell me.)

What about the fun stuff? Well, in the very near future, I look forward to being able to do all this:

  • Delete all Google Docs I own; host my own real time collaborative documents. All of the Google Docs and Sheets I own, I'm moving to the corresponding Synology app on my own server. As far as I've been able to ascertain, the functionality is pretty much identical. I can't necessarily expect my work colleagues to stop using Google Docs, so I won't be able to rid myself of my Google account completely, but I will be able to get rid of most of my dependency on it. (There's still YouTube, though. I'm still all in, there.) But the cool part of course is that the documents I edit in real time will live right there on my own machines, in a private network I can open up to whomever I want.
  • Delete Google contacts. Completely delete all my contacts from Google, because I'll have them in a single central copy on my NAS (but with redundant copies on my devices).
  • Delete Gmail archive and set up Gmail vacation message. Since that was the main thing I was waiting for before rendering my Gmail account nonfunctional, I'll then make sure I have a local copy of all my Gmail archive, then delete all my old mails from Google servers. Then, finally, set up an "email me at my new address" message on Gmail, something I've sort of been putting off until getting completely ready to separate myself from Gmail (not just my ongoing personal mail use, but all data archives, too).
  • Move Gcal data to Synology Calendar. I'm still using Gcal because I haven't had a privacy-respecting cloud solution. Soon, I will. Finally I'll be telling my colleagues to put my appointment invites on my own calendar on nas.sanger.io or—why not—just send me a mail and I'll add it myself. We've gotten so used to dealing with automatic invites that we've forgotten how stupid simple adding an appointment is by hand yourself. Hardly any time at all.
  • Stop using Slack for family chatting; start using chatting on our family server. Even if Papa is on the other side of the world, we'll be able to connect to each other via the same server that's right at home. My wife won't worry (as she does) that someone at Slack (or some hacker) is watching over our shoulders, since the whole encrypted chat takes place via our own server.
  • Keep my password manager datafiles in sync. I've had trouble with this ever since switching to Resilio and trying to use a single datafile shared by all instances. Instead, now I'll be able to use Synology's (and Enpass's) support for the WebDAV standard to keep the datafiles in sync. Yay!
  • Share pix with family like Dropbox, listen to streaming music, audiobooks, and podcasts like Pandora, and watch ripped streaming videos from anywhere like Netflix. Seriously, Synology even designed their video player's UX like Netflix's. So if I do decide to rip all those DVDs, I'll be able to watch videos that were formerly on a shelf in my living room while I'm unwinding after a speech far, far away. We can also stream the videos through the NAS straight to the TV, which is also cool. After this, I might not buy any more physical disks; I might just go ahead and buy digital all the way and stream stuff, assuming I don't have to deal with DRM headaches.
  • Maybe set up a Mastodon instance. That would be a great option, previously not available to me (or, not entirely controlled by me), for a new social media experiment I can use with my former Facebook friends.
  • Maybe get some security cameras. I wouldn't have done it before for the simple reason that I don't want the data online, as it would be. But if I can host the data myself, maybe it's OK.

Of course, there's a huge caveat: if it works as advertised. We'll see!


Cloud smackdown: NAS vs. Resilio Sync vs. Zero-Knowledge Cloud!

In my ongoing effort to lock down my cyber-life, I jettisoned Dropbox three weeks ago, and I'm quite happy I did.

But I'm not done with the reconfiguration. So, if you have the patience and credulity, you may listen in while an amateur deliberates about the choices...

People more expert about this stuff than I am: please review my various claims here for accuracy. I must thank a gentleman who gave excellent feedback and corrections on my VPN post from a month ago.

Why Resilio Sync isn't working out for me

As I explained in an update, the solution I went with—Resilio Sync plus backup to an external drive—had some drawbacks that were unexpectedly annoying. Foremost among these is the fact that Sync isn't a "set it and forget it" technology, i.e., you have to think about and maintain the state of your syncitude, since your devices have to be on at the same time (and Sync has to be working on both/all of them). Also annoying is having to rely heavily on traditional backup, because if God forbid you should delete something inadvertently, your deletion will propagate among your devices (if they're all on at the same time—entirely possible). I've had to use Dropbox's "restore" feature before; I figure it's only so long before I have to restore something from my backup, and what happens if my backup program's restore feature is screwed up or very hard to use? Oy.

These problems are annoying, but not horrible. However, I definitively decided that I had made the wrong choice when I discovered that Sync has no easy way (that I can find) to support the syncing of contacts, passwords, calendars, bookmarks, and text editor settings. Sure, you can sync a data file, but insofar as this same data file (i.e., identical copies of it) must interact correctly with software on each of your systems, then unless the software is specially and carefully written to work with an independent datafile that works the same on all your systems (I think Sublime Text is OK here), you should let your local copy of the software update its own copy of its datafile. This is one of those technical issues that sounds very abstruse, but which poses very real, concrete problems when the rubber meets the road.

The problem, essentially, is that you need to let your software (browser, password manager, calendar, or text editor) handle its own syncing via the cloud. There are two ways in which software can do this for you: (1) you use a cloud you pay for, like Dropbox (e.g., Enpass supports Dropbox syncing), or (2) you use the software vendor's cloud/server, as email syncs via IMAP with your mail host, which you must trust, or as Chrome and Firefox do with bookmarks, and as Apple does with your contacts and calendar. Boo! Hiss! I'd rather handle this myself and avoid the privacy/security risks, if I can.

Your very own cloud server: a NAS

Well...having decided I'm going back to the drawing board on a cloud/device syncing solution, I recalled that NAS devices solve this general problem very neatly. NAS means "network-attached storage," and it means basically your very own personal cloud server. It's an actual box that lives in your home or office, but it's also on the Internet, so you can access it from anywhere. It's not a traditional desktop computer; it's a server. With a NAS, when you sync your devices, they don't all have to be on, because they sync via the NAS, which is always on (but don't worry, it doesn't use much energy). If you ever have to restore your files, the NAS makes it easy without the trouble or worry of having to interact with fiddly backup software. In other words, "file restoration" is built in to the NAS's syncing software—an "undo" button for inadvertent deletion.

NASes (especially the Synology brand) come with a whole raft of software for syncing particular types of data that work with different apps, like calendars (oh joy! Finally, a plausible replacement for Gcal!), address books, passwords (using WebDAV), and more. This is a decided advantage over Resilio Sync, which simply doesn't offer such solutions.

NAS devices also support cloud-based collaborative document editing—basically, they replace Google Docs. It's insane what a NAS can do for you: not just syncing documents and data, not just collaborative document editing, but also (these are all available Synology packages/apps)

  • calendar (replaces Gcal and Apple calendar via iCloud)
  • contacts/address book (CardDAV; replaces various)
  • chat (replaces Facebook Messenger, Slack, and Telegram; includes end-to-end encryption)
  • your own frickin' mail server if you're brave enough
  • photo sharing (replaces Instagram, Facebook, or whatever you use to share pictures with your family and friends)
  • Discourse (host your own web forum)
  • Apache and support for various programming languages like Java, Node.js, PHP, Ruby, as well as databases; i.e., make your NAS an actual, fully-functional web server
  • Redmine (project management and ticketing system; replaces Zendesk, Pivotal Tracker, Jira, Trello, Asana)
  • multiple options for blog, CMS, and wiki systems
  • video hosting and podcasting
  • VPN (i.e., turn your NAS into a VPN node)
  • Git and Git Server (put your code on your own Git server instead of using GitHub or GitLab; handy if you have totally private projects)
  • built-in backup for the NAS

In short, just think of all the computing functions you farm out to the Internet just because you want something "always available from anywhere using a browser." Well, pretty much all of those services can be had via your own NAS, and a sizeable company (Synology) supports the software.

Now, I'm not saying these apps are as good as the ones available to you from the professionals. Your NAS is not likely to be as fast or as reliable as your current web host. But (a) it's yours, and (b) you don't have to worry about the prying eyes of corporate workers, or about hackers attacking the big corporate data honeypots (they might take a crack at your NAS if they think its defenses are poor, though).

Wait, what about zero-knowledge cloud services?

Oh, you thought I had forgotten about zero-knowledge cloud services, like Sync.com, SpiderOak, pCloud (my son threatened to use this one himself because he didn't like Resilio Sync), and others?

I started out thinking these were good options, but in retrospect I see they don't hold a candle to NASes. They specialize in being always-on, reliable, and secure cloud sync/backup options. And that's good. The problem, however, is that there are an awful lot of cloud services we rely on that put you and your data in the same boat as Dropbox. And even if you don't need to host your own website or your own mail server, which is admittedly going a bit far, there are very sound reasons at least to want to host your own contacts, passwords, calendar, and so on.

I looked at the features offered by Sync.com, SpiderOak, and pCloud, and while they seem to nail the traditional Dropbox feature set (which is good!), they don't support the other cloud features I'm anxious to have. One of the next items on my lock-down "to do" list is to finally replace Gcal and Apple Contacts, and to delete my calendar and contacts from Google. I just hate the idea of leaving these problems unsolved. My ambition is to completely divorce my data and habits from Google, Apple, and Microsoft products. I don't see how I can do that without either trusting somebody else, or running my own server. Since zero-knowledge cloud services are so underdeveloped at present—and if I were an investor, I'd put money into that, as it strikes me as a potentially huge growth industry—the only option left is a NAS.

Some final reasonable considerations

Let's take a step back and get reasonable, now.

What is the main concern motivating these deliberations? Not just concern about privacy, but a refusal to entrust sensitive information to corporations that are, essentially, black boxes to me. But maybe I can just accept some risk here. Isn't that reasonable?

Well, I wouldn't be where I am if I was prepared to answer "yes." My sense of the thing is that having massive amounts of valuable data sitting right in their servers ends up being too much of a temptation to a lot of companies, and they can craft and interpret their privacy policies in a clever enough way to escape much legal risk. And even if I could trust their privacy practices, the many and growing number of security breaches means my data isn't safe.

I also don't like the direction that both government surveillance and authoritarian, paternalistic corporate cultures are moving in; while I don't expect the secret police to bust down the door anytime soon, or the remaining Big Tech companies I have relationships with to cut me off, it's a definite plus to cut ties with these institutions which have become so corrupt.

I admit my motivations are partly (perhaps only a small part) political. I'd like to lead a revitalized, individualistic civil society in a better direction, help support the ecosystem of privacy-respecting companies, and poke snoops, spooks, hackers, and authoritarians in the eye.

All that said, I don't expect others to think about this the way I do. We all have our paths to walk.

As for myself, I've concluded I will get a NAS after all. Wish me luck with the installation and configuration!


How I replaced Dropbox

Updated April 2 at bottom.

My main beef with Dropbox is that it's not secure, not adequately encrypted, and there's been a little too much indication that Dropbox is spying on user data.

Ever since I decided to lock down my cyber-life, I had Dropbox in my sights. It was going to be a pain to replace it, I thought, so it took a while before I got around to doing so. I finally did do so today.

The longest step of this process was deciding what I wanted to do. At first, I thought I'd set up my own lightweight cloud server using my desktop, which would sync files on all my devices, something like NextCloud. A great bonus is that this makes it particularly easy to sync things like your address book and passwords. This doesn't seem like a bad idea and is now my fallback. But I ultimately decided to pass because (a) setup might end up being very bothersome, (b) it might eat up desktop resources, and (c) I'd have to keep my computer on all the time, which seems suboptimal.

All of the problems with installing my own NextCloud—bothersome setup, resource constraints, and always-on system—are taken care of by getting my own server or, less ambitiously, what is called a NAS, or Network-Attached Storage system. I spent several hours yesterday researching all about NASes, and came close to getting either a QNAP or a Synology NAS, because they're so frickin' cool. I mean, jeez, it's actually a fully-functioning standalone web server with a zillion apps (especially Synology), and sure, you can use it to sync your files. But the more I thought about it, the more I thought, "This is a lot of work (and yet another giant attack surface for hackers), when all I really want is a Dropbox replacement." If I were just hacking and exploring, I would have gotten a NAS in a heartbeat, they're so cool. But I have other things to do, so...

I also semi-seriously considered getting a zero-knowledge encryption system, like SpiderOak. The premise seems solid: your files are all saved in the cloud, but 100% encrypted, and the key needed to decrypt them is only on your machine (or in your head). SpiderOak (and many other similar services) cannot scan your files because it lacks the keys to read them. I guess my experience with being hacked and seriously disaffected with storing data in the cloud generally turned me off even to this. If I don't have to trust a company (as I do if, e.g., I want to use a VPN), then I'd prefer not to.

So, how do you get cloud functionality without the cloud? With syncing apps. These use different technologies to sync your devices directly with each other, through the Internet, but not stored on the Internet, and without any one of them acting as a server to the others (so they're all peers of each other in your little device network). It turns out that there are several options available here, and I came close to going with Syncthing because it's open source (and therefore, more trustworthy) but...no iPhone app. But the next best thing is Resilio Sync, which is also based on (the UPDATE: closed-source) Bittorrent Sync. Now, the fact that it uses Tor doesn't mean your data is stored in the dark web. It simply makes use of the Tor network, which is perfectly legal and legit, that is required for accessing the dark web (something I've never even tried to do, by the way). The beauty of the system is that in transit through cyberspace, your data is end-to-end encrypted through a decentralized network. It's hard to get more secure, or that's my understanding.

Resilio Sync is pretty easy to install if you're not using Linux. It was a bit of a pain (they could work harder on the setup, I mean really, guys) but still doable, if like me you're reasonably adept with vague Linux instructions. It didn't take longer than an hour to completely set up and test (my son did it in half the time), and then I started moving folders over, one by one, from Dropbox to my new Sync folder. This was quite satisfying, not unlike that satisfying feeling of changing my account email addresses from gmail.com to sanger.io. And because Resilio updates via your LAN directly from device to device, it syncs much faster than Dropbox. Like Linux, the slightly geekier alternative turns out to be just better, all the way around.

I got the $100 one-time deal so my family could all use it. Since this is roughly what I've been paying to Dropbox yearly for the last decade or whatever it's been, I was very happy to pay this.

How does it work? Well, once it's set up, it's just like Dropbox. Create a new file in your work folder? It's practically instantly synced to any other devices that are on, as soon as you save it. (Of course, it does have to be on, in order to sync. And your phone won't sync the file and folder contents; it will only sync the index, and then, as with the Dropbox mobile app, you can download the item one-by-one.)

There is one very small change this might require to your routine. Since your files aren't in the cloud but only on other machines, before you leave one machine with files on it you might want to access elsewhere, you'll want to make sure either (a) that machine will stay on while you're away from it, or (b) you've synced before you leave while they're in close proximity (the LAN connection will make syncing faster, too).

Love it so far. Buh-bye Dropbox! Any regrets so far? Not really. While LAN syncing for me is significantly faster than Dropbox, it uses only 10% of my available LAN bandwidth, and I wasn't able to get it to go faster; I'm not sure what's up with that. I tried to fix it but didn't dare do too much, since it involved a lot of fiddly changes to settings that, it seems, need to be undone. Your mileage may vary.

Also, they didn't make a Linux GUI other than a browser-based one, which is OK; it works well enough. They didn't even bother to create a tray icon, but they do have an API, so my 12-year-old son made one for them and I'm already using it. (Want the code, Resilio? I can set that up.)

Of course, if you haven't taken the Linux plunge, Resilio Sync is probably going to be a lot more usable for you—not that, at the end of the day, it isn't extremely usable for Linux users, too. And, as I've indicated, there are many, many other options available to you if you want to ditch Dropbox. You should consider them for yourself.


April 2 update:

I've been using Resilio Sync for the last two weeks, and my son and I have a few concerns. The first is one we knew about going in: it's not a cloud solution. Syncing works only if both devices are on. This means syncing isn't exactly "set it and forget it." You have to pay attention to whether something is syncing, and if you forget...you won't be synced. After using Dropbox for years, this turns out to be quite annoying.

This, in turn, means I have to worry more about losing files. I can back up files on my main machine, which is always a great idea (of course), but if I haven't synced because two machines haven't been on at the same time (or because I need to reboot Sync, which is also an annoyance), then I might still lose laptop files because I only back up my desktop.

Backing up is all the more important because it is possible to inadvertently delete a bunch of files from one machine...leading them to be deleted everywhere. That would be a disaster. It's like automatically deleting all your backups. Of course, the stuff might be rescuable in Trash, but do you really want to rely on Trash as a fallback solution?

To pour salt in the wound, if I really want peace of mind, I have to make sure the backup program is fantastic. I can't rely on Resilio Sync as a backup program. And the default Ubuntu backup program kind of sucks (which is surprising to me). This isn't a count against Resilio, but it does make switching, if I'm going to switch, more urgent.
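The failure mode described above, where a deletion on one machine is replicated to every peer, is why a sync folder needs a separate, versioned backup. The following is an added example, not part of the original post and not Resilio's code: a small hard-link snapshot tool in Python, in which the folder names, snapshot labels and function names are all assumptions made for illustration.

```python
import filecmp
import os
import shutil
import tempfile
from pathlib import Path


def regular_files(root):
    """Relative paths of regular files under root; symlinks are skipped."""
    found = set()
    for dirpath, _dirs, names in os.walk(root, followlinks=False):
        for full in (Path(dirpath) / n for n in names):
            if full.is_file() and not full.is_symlink():
                found.add(full.relative_to(root))
    return found


def snapshots(backup_root):
    """Finished snapshots, oldest first (labels must sort chronologically)."""
    if not backup_root.is_dir():
        return []
    return sorted(p for p in backup_root.iterdir()
                  if p.is_dir() and not p.name.endswith(".partial"))


def take_snapshot(sync_dir, backup_root, label):
    """Copy sync_dir to backup_root/label. Files unchanged since the previous
    snapshot become hard links to it, so extra snapshots cost little space."""
    older = snapshots(backup_root)
    previous = older[-1] if older else None
    final = backup_root / label
    if final.exists():
        raise FileExistsError(final)        # never overwrite an old snapshot
    partial = backup_root / (label + ".partial")
    if partial.exists():
        shutil.rmtree(partial)              # leftover from an interrupted run
    partial.mkdir(parents=True)
    for rel in sorted(regular_files(sync_dir)):
        src, dst = sync_dir / rel, partial / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        old = previous / rel if previous else None
        if old is not None and old.is_file() and filecmp.cmp(old, src, shallow=False):
            try:
                os.link(old, dst)           # link to the backup copy, never to src
                continue
            except OSError:
                pass                        # no hard-link support: fall back to copy
        shutil.copy2(src, dst)
    partial.rename(final)                   # a snapshot appears only when complete
    return final


def missing_since_last_snapshot(sync_dir, backup_root):
    """Files in the newest snapshot that are gone from the sync folder."""
    older = snapshots(backup_root)
    if not older:
        return []
    return sorted(regular_files(older[-1]) - regular_files(sync_dir))


def restore(backup_root, rel, sync_dir):
    """Copy rel back from the newest snapshot that still has it."""
    for snap in reversed(snapshots(backup_root)):
        candidate = snap / rel
        if candidate.is_file():
            target = sync_dir / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(candidate, target)  # copy, so the backup stays untouched
            return snap.name
    raise FileNotFoundError(rel)


def demo():
    """Constructed scenario: a synced deletion removes notes/ from the folder."""
    work = Path(tempfile.mkdtemp(prefix="sync-demo-"))
    sync_dir, backup_root = work / "Sync", work / "Backups"
    (sync_dir / "notes").mkdir(parents=True)
    (sync_dir / "notes" / "todo.txt").write_text("buy NAS\n")
    (sync_dir / "draft.txt").write_text("v1\n")
    (sync_dir / "keep.txt").write_text("unchanged\n")
    take_snapshot(sync_dir, backup_root, "snap-0001")

    (sync_dir / "draft.txt").write_text("v2\n")   # same size, new content
    shutil.rmtree(sync_dir / "notes")             # deletion arriving via sync
    gone = missing_since_last_snapshot(sync_dir, backup_root)
    take_snapshot(sync_dir, backup_root, "snap-0002")
    restored_from = restore(backup_root, Path("notes/todo.txt"), sync_dir)
    result = {
        "gone": [p.as_posix() for p in gone],
        "restored_from": restored_from,
        "restored_text": (sync_dir / "notes" / "todo.txt").read_text(),
        "old_draft": (backup_root / "snap-0001" / "draft.txt").read_text(),
        "keep_is_hard_link": os.path.samefile(backup_root / "snap-0001" / "keep.txt",
                                              backup_root / "snap-0002" / "keep.txt"),
    }
    shutil.rmtree(work)
    return result


if __name__ == "__main__":
    print(demo())
```

Keep the backup root outside every synced folder, ideally on a different disk, so that a propagated deletion cannot reach the snapshots.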

So it's back to the drawing board. A zero-knowledge encryption cloud solution is sounding better now, but there are two sticking points for me: (a) I don't want to have to trust an external vendor if I don't have to, and (b) I'm not confident that I know what's going on well enough to be able to say that my data is truly secure and private.

Last time, I came very close to getting a NAS, but I didn't. I'm now 90% sure I will get a NAS after all.

The reason I didn't get a NAS the first time is that it sounded like just too much trouble to set it up and maintain it, not to mention having another attack surface to lock down. But the more I think about it, the more I think it might be worth it.

After all, another rather huge advantage of a NAS is that I don't have to rely on any cloud service I don't control myself, at least for my personal purposes, for a range of purposes we now use different cloud services for. That means I can maintain my own synced contacts, passwords, bookmarks, etc., as well as supporting collaborative documents (a la Google Docs) I want to work on with others (such as a Declaration of Digital Independence). I might still have to rely on Google Docs (or something like it) for work, but at least my private life would be more locked down.

Any one of the latter advantages certainly wouldn't be enough to justify getting a NAS. But taken together, and combined with an always-on Dropbox alternative that I can "set and forget," it's looking better and better.

Stay tuned. I'm not done yet.

Another installment in my series on how I’m locking down my cyber-life.


How and why I got a VPN

As part of my ongoing efforts to lock down my cyber-life, I finally decided to investigate VPNs (virtual private networks) and subscribe to one, if it seemed to be a good idea.

Well, it is a good idea. So I got one, and it was pretty cheap.

What is a VPN, anyway?

A virtual private network, briefly, is a subscription service (there are free ones, but don't use a free one) that you can connect to in order to mask your IP address, pretending (unsuccessfully if you're using a mobile connection) that you're connecting to the Internet from somewhere else, while encrypting the data that passes between you and your ISP (which can mean your data is encrypted as it passes through wifi). It doesn't replace your ISP; you still need an ISP to connect to the Internet. More specifically, a VPN (typically, a for-profit company):

  1. Runs a number of servers (computers), which ideally are located all around the world, each of which connects to the Internet on your behalf.
  2. Is a service you connect to, as a data "tunnel" to the Internet. You can set up your computer or phone so that it connects to the VPN whenever you get online (or whenever you like). All your requests to the Internet, and all the responses you receive from the Internet, are routed through one or another of the VPN's nodes.
  3. Encrypts the data exchanged between its servers and your device.
  4. Typically doesn't log your traffic (but there's no way to know this for sure) or intercept your data (unless they receive a specific court order to do so in your case).
  5. Is typically a paid service; there are free ones.

Why would I want a VPN?

So, what does a VPN do? What is it good for? What are the benefits? Why would you get one? Several things (cf. this useful intro):

  1. Foil the NSA, maybe. You connect to the Internet via your ISP at home, right? Well, since data you exchange with the VPN is encrypted, your ISP can't detect anything about what websites you're looking at or what information you're sending. Since mass surveillance (e.g., by the NSA) is typically done at the ISP level, this foils such surveillance. But maybe you trust all the fine, upstanding people who work for the government and don't care. Well, there are other reasons, as well:
  2. Make it harder for websites, hackers, and advertisers to spot you. When you connect to a website without a VPN, it typically logs the IP address that is accessing it, maybe info about your device, browser, etc. This can be used by the website to track you and for various nefarious purposes. When you connect with a VPN, websites log data from the VPN's server, which says nothing about you. This protects your information privacy and security (which you should care about!).
  3. Use airport, hotel, and restaurant connections securely. If you connect to the Internet via your airport's connection, hackers can pretty easily do nasty things with your data stream. But if your data stream is completely encrypted on its way through the airport's wifi to and from the VPN, those hackers can't touch you. Take that, hackers! This is a huge advantage to me, considering how much traveling I'm doing these days.
  4. See content as if you were elsewhere. If you want to access information that is accessible only by IP addresses from a given country (such as the U.K. or the U.S.), a VPN lets you do so. You can make it look like you're from there! E.g., I can watch Brits-only content from the BBC. That's just kind of cool.
  5. More safely do P2P file sharing. If you must, and are cheap, and refuse to pay the creators of your content, you bastard.

If you don't care about privacy or security or striking a blow against mass surveillance, then you should pass. If you do care about those things, consider getting a VPN.

There's one significant disadvantage about VPNs, which makes me sad, but I'll live with it: VPNs do slow down your Internet connection, but not necessarily by much. As you know (if you know how the Internet works at all), Internet traffic bounces from node to node as it makes its way from the website (or whatever) you're accessing to your device. The VPN adds one node to that trip. As long as you connect to a VPN server located near you, this trip isn't actually lengthened by much. BestVPN.com says it slows down your connection speed by 10%, but the actual amount at any given time depends on many factors. I rarely notice much of a difference, for what it's worth.

Update: after using it for a couple days, my VPN (which is reputedly one of the faster ones) doesn't really noticeably slow down my connection, even at the hotel. Except when I was connected to the U.K., and then the only problem was that I had to buffer a video once or twice.

What VPN did I choose?

I'm not telling. I spent some hours doing research. A name emerged. You should do the same and use your own judgment. Be careful not to subscribe to any shady VPNs; they doubtless do exist and it might be hard to figure out whether yours is one. There can be problems with the software as well. Unfortunately, some amount of trust is involved if you're not a specialist. I bore these requirements in mind:

  • Don't just look for claims that they don't keep logs; check that the claims have been verified (by consultants, courts, or police).
  • Bear in mind that many reviews might be paid for and so can't be trusted. It might be hard to tell which reviews these are.
  • Speed.
  • Can one determine who owns the company? Do they look legit?
  • Support for Linux.

There are other features you might be interested in, of course.

How hard was it to buy and install?

I can speak only about the one I bought and installed: it was dead simple. It was no harder to buy than any other subscription service. As for installation, I had it downloaded, installed, and working in maybe two minutes. Of course, that's just the one I bought.

Note, you don't have to install special software to use a VPN, e.g., if you're using an OS or browser that has the software built in.

There's much more to know about VPNs, which you might want to know if you're going to get into it. You're just getting a rank beginner's explanation of why he got one, here.

This is part of the series on how I'm locking down my cyber-life.


Further on my Linux journey: Ubuntu on a laptop

First, I decided to switch to Linux. I have to tell you: I'm so glad I did. It's not just the sheer relief from the knowledge that I'm not being monitored by Microsoft or carefully controlled by Apple. I'll admit, that's probably the biggest advantage to Linux for me. But I really, truly find Linux Ubuntu (that's the distro I'm using) running the Gnome desktop environment (this is actually the thing that has 80% of the "look-and-feel" we associate with operating systems) to be significantly easier to use (and faster, and less frustrating). Of course, we're all different and your mileage may vary.

But after having used it some more, and having also installed another distro, I'm not sure Linux is quite ready for grandma yet—not unless she's rather technical, is eager to commit a fair bit of new stuff to memory, or has easy and quick sources of help. I do stand by my claim that Linux is ready for prime time, but only if you use one of the more user-friendly distros. If you're a "power user," i.e., if you are not necessarily a programmer but do know your way around a computer pretty well, if following technical instructions to solve problems doesn't bother you too much, then you should really seriously consider trying out Mint or Ubuntu. The cool thing is that you can try it out before you take the leap, either with a live boot (i.e., it lives on a thumb drive; this is probably easier) or a virtual machine.

Then I went on some trips, and a month ago I had a serious moment of disgust with my Apple laptop. I mean, ugh, there were so many things I have come to dislike about the Apple scene, but after enjoying daily life with Ubuntu, when I switched to Apple while on the road, I just could not get over how damned clunky the thing is. It looks pretty and costs too much, but god, so much about it is, in the vernacular of my teen years, totally bogus.

So then I decided, OK, I'm going to dual boot on my MacBook Pro, too, i.e., run both OS X and Linux on the same machine, in different partitions. I had it narrowed down to distros like Arch, Manjaro, and openSUSE; I wanted to try something that wasn't Ubuntu, just for the experience.

Well, last week, I finally bit the bullet and put Manjaro on the machine. (This time I insisted on doing most of the hard work, instead of leaving it to my 12-year-old son, who has been using Linux daily for longer than I have.) Installing wasn't that hard, actually; it really wasn't significantly harder than installing Ubuntu. While most things worked, I ran into a series of problems I won't bore you with; suffice it to say that I ended up installing Manjaro twice and rebooted it endless times while trying different drivers and Grub parameters and stuff. I worked very diligently until an experienced Linux user told me that I shouldn't even try to put any Linux distro on a new MacBook (mine is from 2018) because so many of the device drivers are simply unsupported. That was a huge let-down. Even my Linux geek son couldn't figure out the issues. I told my wife I'd just sell it, but she said to give it to the boys since the old laptop they're sharing (another old one of mine) has a screen that often didn't work properly.

By then, I had also decided I didn't like Manjaro much (or maybe it was the XFCE desktop environment). In any event, I had enough hours on Manjaro to have learned that mastering two different flavors of Linux at once was going to be a serious pain without any compensatory advantage.

So I ended up shopping around and getting a decent Windows machine, a Samsung Notepad 9, and did a clean install (i.e., wiped Windows entirely) of Ubuntu again. I mean, if I'm going to learn Linux properly, might as well do it completely in one distro before branching out too much. The installation process was pretty painless—seriously, so much easier and more pleasant than setting up a new Windows machine.

So now I'm 100% Linux (and 100% Ubuntu with Gnome), and I'm not looking back. I'm so done with Windows and Mac. Now I'm just looking forward to implementing yet more ways to lock down my cyber-life.

(Wait...100% except for my phone and tablet. At present there is no non-heroic way to own a Linux phone, but I'm still keeping an eye on the Purism Librem 5 and might well take the plunge...)


How to decentralize social media—a brief sketch

The problem about social media is that it is centralized. Centralization empowers massive corporations and governments to steal our privacy and restrict our speech and autonomy.

What should exist are neutral, technical standards and protocols, like the standards and protocols for blogs, email, and the Web. Indeed, many proposed standards already do exist, but none has emerged as a common, dominant standard. Blockchain technology—the technology of decentralization—is perfect for this, but not strictly necessary. Common protocols would enable us to follow public feeds no matter where they are published. We would eventually have our pick of many different apps to view these feeds. We would choose our own terms, not Facebook's or Twitter's, for both publishing and reading.

As things are, if you want to make short public posts to the greatest number of people, you have to go to Twitter, enriching them and letting them monetize your content (and your privacy). Similarly, if you want to make it easy for friends and family to follow your more personal text and other media, you have to go to Facebook. Similarly for various other kinds of content. It just doesn't have to be that way. We could decentralize.

This is a nice dream. But how do we make it happen?

After all, the problem about replacing the giant, abusive social media companies is that you can't replace existing technology without making something so much more awesome that everyone will rush to try it. And the social media giants have zillions of the best programmers in the world. How can we, the little guys, possibly compete?

Well, I've thought of a way the open source software and blockchain communities might actually kick the legs out from under the social media giants. My proposal (briefly sketched) has five parts. The killer feature, which will bring down the giants, is (4):

  1. The open data standards. Create open data standards and protocols, or probably just adopt the best of already-existing ones, for the feeds of posts (and threads, and other data structures) that Twitter, Facebook, etc., use. I'm not the first to have thought of this; the W3C has worked on the problem. It'd be like RSS, but for various kinds of social media post types.
  2. The publishing/storage platforms. Create reliable ways for people to publish, store, and encrypt (and keep totally secret, if they want) their posts. Such platforms would allow users to control exactly who has access to what content they want to broadcast to the world, and in what form, and they would not have to ask permission from anyone and would not be censorable. (Blockchain companies using IPFS, and in particular Everipedia, could help here and show the way; but any website could publish feeds.)
  3. The feed readers. Just as the RSS standard spawned lots of "reader" and "aggregator" software, so there should be similar feed readers for the various data standards described in (1) and the publishers described in (2). While publishers might have built-in readers (as the social media giants all do), the publishing and reading feature sets need to be kept independent, if you want a completely decentralized system.
  4. The social media browser plugins. Here's the killer feature. Create at least one (could be many competing) browser plugins that enable you to (a) select feeds and then (b) display them alongside a user's Twitter, Facebook, etc., feeds. (This could be an adaptation of Greasemonkey.) In other words, once this feature were available, you could tell your friends: "I'm not on Twitter. But if you want to see my Tweet-like posts appear in your Twitter feed, then simply install this plugin and input my feed address. You'll see my posts pop up just as if they were on Twitter. But they're not! And we can do this because you can control how any website appears to you from your own browser. It's totally legal and it's actually a really good idea." In this way, while you might never look at Twitter or Facebook, you can stay in contact with your friends who are still there—but on your own terms.
  5. The social media feed exporters/APIs. Create easy-to-use software that enables people to publish their Twitter, Facebook, Mastodon, Diaspora, Gab, Minds, etc., feeds via the open data standards. The big social media companies already have APIs, and some of the smaller companies and open projects have standards, but there is no single, common open data standard that everyone uses. That needs to change. If you could publish your Twitter data in terms of such a standard, that would be awesome. Then you could tell your friends: "I'm on Twitter, but I know you're not. You don't have to miss out on my tweets. Just use a tweet reader of your choice (you know—like an old blog/RSS feed reader, but for tweets) and subscribe to my username!"

The one-two punch here is the combination of points (1) and (4): First, we get behind decentralized, common social media standards and protocols, and then we use those standards when building plugins that let our friends, who are still using Facebook and Twitter (etc.), see posts that we put on websites like Steemit, Minds, Gab, and Bitchute (not to mention coming Everipedia Network dapps).

The exciting thing about this plan is that no critical mass seems to be needed in order to get people to install the envisioned plugin. All you need is one friend whose short posts you want to see in your Twitter feed, and you might install a plugin that lets you do that. As more and more people do this, there should be a snowball effect. Thus, even a relatively small amount of adoption should create a movement toward decentralization. And then the days of centralized social media will be numbered. We'll look back on the early days of Facebook and Twitter (and YouTube!) as we now do the Robber Barons.

We can look at a later iteration of Everipedia itself as an example. Right now, there is one centralized encyclopedia: Wikipedia. With the Everipedia Network, there will be a protocol that will enable people from all over the web to participate in a much broader project.

I would love to see the various competitors of the social media giants settle on a common standard and otherwise join forces on these sorts of projects. If they do, it will happen, and the days of privacy-stealing, centralized, controlling, Big Brother social media will soon be behind us. We'll return to the superior and individually empowering spirit of the original Internet.

We have to do this, people. This is the future of the Internet. Even if you've given up social media, we should build this for our friends and family who are still toiling in the digital plantations.


18 things about Apple that suck

Apple, why dost thou suck? Let me count the ways:

  1. iTunes, the worst software in the world.
  2. The App Store is a centrally managed walled garden. I can't run apps Apple hasn't approved of on my phone, and on my own computer, I have to give special permission to run programs Apple doesn't like.
  3. iCloud is turned on by default.
  4. Apple brags about how committed to privacy it is, but gives us no credible way of verifying its claims.
  5. I'm forced to use Apple's default software for several features in iOS such as Siri search.
  6. Because Siri works only when you're online, I have to share my voice commands to my phone over the Internet, commands which Apple records, processes, and saves for a long time.
  7. Frequently, Apple's idea of "easy to use" software requires that I take extra steps, and is not particularly easy to use.
  8. Lack of sufficient customization options everywhere. Apple knows best.
  9. OSX is based on BSD, which is FOSS, but OSX is proprietary. They're contemptible free riders.
  10. Steve Jobs is dead and mere mortals now run the company.
  11. The company makes some really dumb decisions like getting rid of the 3.5mm audio jack.
  12. Apple encourages too many push notifications, which, I've decided, are an attention-hogging evil.
  13. Siri isn't very good.
  14. If they were a decent company, they wouldn't practice planned obsolescence, and they sure as hell wouldn't do it so aggressively.
  15. Apple Stores just really, really suck in many ways. That'd be another whole list.
  16. They're overpriced. No, not because they're premium products. When I say they're "overpriced," I don't mean they're expensive. I mean that they are poor value.
  17. Their CEO thinks he has a divine mission to censor wrongthink.
  18. They use a new proprietary image format (HEIC), if you want to airdrop yourself something from your iPhone to your MacBook. Idiots! Ugh, like I'm totally going to get rid of my Mac OS and this is the main reason why!

Much of this can be chalked up to the whole wretched, arrogant "Apple knows best" mentality. Why do we still give these people our money?


Notes on choosing a Linux distro (for Linux geeks only)

I've ditched Windows on my desktop machine. Similarly, I can't keep using macOS on my laptop. I decided to put Linux on it (and dual-boot). I thought it would be a good idea to use a different distro. But which?

I thought I would do my deliberations publicly. So here goes.

If I haven't exactly mastered Ubuntu with Gnome, why not keep working on it? But flavors of Linux are so similar that if you use one, it's not hard to figure out another. So I think it's a good idea for learning purposes to install a different one.

After a fair bit of hunting about, the following caught my eye enough to do some research and take some notes—your mileage may vary, obviously, as our needs and ability levels vary widely. I'll put these in order of how quickly I rejected them (from fastest rejection to slowest).

  • Arch. Nah, that's for advanced users, and I'm not an advanced Linux user (yet).
  • Kali. More privacy-oriented, but not beginner-friendly because it is actually aimed at security experts. I'll have to pass on that.
  • Pop!. The thing that has me considering the new Pop! distro is that it is specially adapted from Ubuntu by System76 (which sells Linux computers) for developers. Its landing page is very persuasive, but after I looked at some videos about it, it just has too much Ubuntu to be a suitably different system. I guess I'll pass on the Ubuntu-based systems; I want to try something different.
  • Debian. One source bills this as especially good for programming; but it is also not really for beginners, and besides, Ubuntu is based on Debian. So...
  • Mint and Deepin. If I'm rejecting Ubuntu-based distros out of hand, these must go; they're Ubuntu-based.
  • Manjaro and Antergos. These Arch-based distros are supposedly easier to install, and might be a good introduction to a more powerful Linux experience.
  • openSUSE Leap. This is a very old distro, and is very polished, well-documented, and stable (at least the Leap distro; Tumbleweed follows a rolling release model and so should be expected to be less stable). One source says it is targeted at developers and has "stringent" security protocols, whatever that means exactly. It's praised for its customizability, and I like the idea that one can pick and choose packages to include on installation.

So, I'm down to Manjaro, Antergos, and openSUSE Leap. I still haven't made up my mind. So maybe you can help me decide, given my basic requirements:

  • Sufficiently different from Ubuntu with Gnome to give me a usefully different Linux experience.
  • Especially excellent for programmers.
  • Stable, established, well-documented.
  • Not advanced. Needn't be very easy-to-use.
  • I place a premium on security.
  • Looks nice. I don't actually enjoy ugly, clunky stuff.
  • Likes: keyboard shortcuts, snapping windows, reasonably easy customizability, cool, well-designed workspace functionality, etc.
  • I don't really want a rolling release distro, assuming that they're rather more open to disruptive problems. I'm too busy to squash trivial bugs others will eventually squash for me.
  • Works on MacBook Pro machine without too much trouble (it's OK if I have to install a driver, I guess).


A plea for protocols

The antidote to the abuses of big tech is the very thing that gave birth to the Internet itself: decentralized, neutral technical protocols.

  1. The thought that inspires my work. Ever since I started work on Nupedia and then Wikipedia, a thought has always inspired me: just imagine the stunning possibilities when people come together as individuals to share their knowledge, to create something much greater than any of them could achieve individually.

  2. The sharing economy. There is a general phrase describing this sort of laudable activity: the “sharing economy.” The motivations and rewards are different when we work to benefit everyone indiscriminately. It worked well when Linux and OSS were first developed; then it worked just as well with Wikipedia.

  3. The Internet itself is an instance of the sharing economy. The Internet—its ease of communication and publishing together with its decentralized nature—is precisely what has made this possible. The Internet is a decentralized network of people working together freely, for mutual benefit.

  4. The Internet giants have abused the sharing economy. About ten years ago, this all started to change. More and more our sharing behavior has been diverted into massive private networks, like Facebook, Twitter, and YouTube, that have exerted control and treated contributors as the product.

  5. Facebook’s contempt for our privacy. All you want to do is easily share a picture with your family. At first, we thought Facebook’s handling of our private data would just be the price we had to pay for a really powerful and useful service. But over and over, Facebook has shown utter contempt for our privacy, and it has recently started censoring more and more groups based on their viewpoints. We don’t know where this will end.

  6. This aggression will not stand, man. We need to learn from the success of decentralized projects like Linux, open source software, Wikipedia, and the neutral technical protocols that define the Internet itself, that we don’t have to subject ourselves to the tender mercies of the Internet giants.

  7. How. How? Just think. The Internet is made up of a network of computers that work according to communication rules that they have all agreed on. These communication rules are called protocols and standards.

  8. Protocols and standards... There are protocols and standards for transferring and displaying web pages, for email, for transferring files, and for all the many different technologies involved.

  9. ...which are neutral. These different standards are neutral. They explicitly don’t care what sort of content they carry, and they don’t benefit any person or group over another.

  10. We need more knowledge-sharing protocols. So here’s the thought I want to leave you with. You evidently support knowledge sharing, since you’re giving people awards for it. Knowledge sharing is so easy online precisely because of those neutral technical protocols. So—why don’t we invent many, many more neutral Internet protocols for the sharing of knowledge?

  11. Blockchain is awesome because it creates new technical protocols. Probably the biggest reason people are excited about blockchain is that it is a technology and a movement that gets rid of the need of the Internet giants. Blockchain is basically a technology that enables us to invent lots and lots of different protocols, for pretty much everything.

  12. Why not Twitter- and Facebook-like protocols? There can, and should, be a protocol for tweeting without Twitter. Why should we have to rely on one company and one website when we want to broadcast short messages to the world? That should be possible without Twitter. Similarly, when we want to share various other tidbits of personal information, we should be able to agree on a protocol to share that ourselves, under our own terms—without Facebook.

  13. Wikipedia centralizes, too. Although Wikipedia is an example of decentralized editing, it is still centralized in an important way. If you want to contribute to the world’s biggest collection of encyclopedia articles, you have no choice but to collaborate with, and negotiate with, Wikipedians. What if you can single-handedly write a better article than Wikipedia’s? Wikipedia offers you no way to get your work in front of its readers.

  14. Everipedia, an encyclopedia protocol. Again, there should be a neutral encyclopedia protocol, one that allows us to add encyclopedia articles to a shared database that its creators own and develop, just like the Internet itself. That’s why I’m working on Everipedia, which is building a blockchain encyclopedia.

This is a little speech I gave to the Rotary Club of Pasadena, in the beautiful Pasadena University Club, January 31, 2019.