I'm Back? Recent Life Events.

Wow... its been a long time since I last posted and a lot has happened in the world!

I could spend pages rehashing the events of the past 6+ years and my opinions and thoughts on them. But I'll spare everyone going over old news. I will however give a brief summary of recent life events.

In August of 2022 my 92 year old father passed away (https://www.legacy.com/us/obituaries/name/theodore-schuck-obituary?id=36294372). He had been suffering from dementia, and my sister and I moved him into an assisted living facility in mid-2021. His health already steadily declining continued. I miss the "old man" and to this day sometimes think of calling him.

Following that, my sister and I had started to take care of various related tasks related to his finances and home when Hurricane Ian struck Punta Gorda. This affected both my dad's home and sister's condo not too far away. First reports were grim, but after family friends were able to both visit the house and gain entry, damage was not as bad as first believed. Still damage, but not an almost total loss as we were first to believe. Unfortunately my sister's condo, again not as bad as first reported, but it was uninhabitable. So, taking care of dad's estate related tasks took a back burner while my sister lived in dad's house while her condo was being repaired.

It was not until earlier this month that my sister was able to move back into her condo. Which means now we get back to focusing on closing out my father's affairs. It has been slow going, but there has been progress. Next major task is getting a general contractor to take a look at what needs to be done on pop's house and start the repairs. The roof, except for the soffits (waiting for materials) was completed already.

In other news, I had my 1989 Harley FXSTS (Springer) made road worthy after being non-operational since 2014! Unfortunately we've had a very wet winter so far here in the SF Bay area, so while I've had it out for a ride a couple time, I have not really been able to enjoy it.

I have also began to think about maybe doing a podcast or vlog. Not that I would stick with a regular schedule, so that may just be whim.

So that's it in a nutshell for now. Back to watching today's NASCAR cup series race in Atlanta.

Hijacking of Minimum Wage

For the past couple years you have all heard or read the term "Living Wage" used alongside discussions and debates on the minimum wage. I am curious, who decided that the minimum wage was meant to be wage that one can live on? As far as I know and remember, that was not the case when I was a young man starting out in the world of employment. In 1978, before I graduated high school, I was flipping burgers at a local chain fast food restaurant. I was making minimum wage at that time, or $2.65 per hour. Also note that this job and many like it  in the time had no other benefits! No paid sick days, no paid vacation days, and no health insurance. When I graduated from high school in 1979 minimum wage was increased to $2.90 per hour. By then I had moved on to a job delivering auto parts for a small independent auto parts store, and was making a decent $5.00 per hour. Still no other benefits, but a decent step above minimum wage. But this isn't about me, it's about minimum wage versus living wage.

In 1979 if you were working full time (40 hours) getting paid minimum wage, you were making just under $120.00 per week. Don't forget, that is before taxes. Not exactly sure what the various tax rates were back then, but after state and federal income tax, FICA, and medicare, you were probably left with about $80.00 (give or take) of take home pay. Do you honestly think that $320 per month was a living wage in 1979?! If you were living on your own you would then have rent, utilities, medical bills, groceries, auto expenses (insurance, gas, maintenance, registration fees), and a host of other miscellaneous expenses. I don't think so. Back in my day, the people my age who were living on their own were either working 60 to 80 hours per week, were getting paid more than minimum wage as they proved to be valuable employees, or both.

So when did minimum wage get hijacked to supposed to mean a living wage? And how did the magic $15.00 per hour figure come about. This Department of Labor chart shows that the 1978/1979 minimum wages are equivalent to about $9.00 per hour in 2012 dollars. That's only 60% of the $15 number we hear tossed about regularly. And hell, in some areas of the country even $15.00 per hour is probably not a living wage. Looking at the chart mentioned you should also pay attention to the first federal minimum wage, a mere $0.25 per hour in 1938. Which is a mere $3.98 in 2012 dollars.

But that's the point. Historically the minimum wage was never meant to be a living wage. Read up on the Fair Labor Standards Act of 1938. The minimum wage is just that, a minimum that employers are directed to pay. For that reason, it is usually the people just entering the work force that are getting paid this minimum. Mostly, it's what an employer will pay someone with no experience, background, etc. Or for jobs that see a lot of turnover, like flipping burgers at a fast food restaurant.

Does this mean I don't believe the minimum wage should be raised at all. No. Looking at the DOL chart again, I believe a minimum wage in the $9.00 to $10.00 range would be a good idea. I just don't believe that it should be construed as a "living wage".

Email Security - Encryption - Part 3

Importing a Certificate from the Web

Overview

You now have the ability to send and receive secure encrypted email messages. You can also send 'signed' email messages, but that is a topic I may cover in a future post. There is a catch. In order to send and receive those encrypted messages, there is a piece of information each party in the conversation has to have from the others. That information or data is their public key. In part 1 of this series I touched on symmetric versus asymmetric encryption. In asymmetric encryption there are two pieces to the key (often referred to as a "key pair"). The first part is what is called your private key. Typically this is also protected with a passphrase. You should never share this part of the key, and some choose to store it on removable media like a flash drive (in the old days your private keys may have been on a floppy disk). The second part of the key is called your public key. This can be shared and there are a few places on the web that these public keys can be uploaded to for easier sharing. Getting someone's public key from one of these repositories is the subject of this post.

Importing a Public Key

If it's not already open, from the Windows Start Menu, start Kleopatra. You should see the certificate you created in part 2 displayed in the "My Certificates" tab.

Kleopatra Main Window

A new installation of Kleopatra will need to be configured with one of the online repositories of PGP (or GnuPG or OpenPGP) certificates. Click the "Settings" menu and select "Configure Kleopatra". The configuration window will open.

Kleopatra Configuration Window

Click on the "New" button on the right hand side of the screen. A line with the default key server will appear in the window.

Kleopatra Directory services (key servers) Window

Click on "OK" and you will return to the main window.

Now that a key server has been defined, we can search for a public key to import to our 'keyring'. In this example we will look up s certificate for one of my email addresses (used for when I suspect I may receive spam when filling out forms on the web).

Select the "File" top menu and then "Lookup Certificates on Server" or press Ctrl-Shift-I. This will bring up the Certificate Lookup Window.

Certificate Lookup Window

In the "Find" field box at the top type "sponge.com" (without the quotes). Then click on the "Search button". You will be presented with a list of possible matches. Select the entry "Bruce Schuck bruce@sponge.com 2002-04-27" and finally click on "Import". You can now close Kleopatra.

Summary

I know that some readers want to get right to it, but I wanted to leave some time between each post for people to install and maybe experiment a little with the GPG4Win application. There are two other  usual ways that public keys can be imported. One is a more manual process that involves getting a person's public key directly, and the other is tied to when a PGP signed email is received from someone you do not yet have a public key for. I think I will cover those methods after I show you how to send an encrypted email using Thunderbird.

Related Posts

• Email Security Encryption Part 1
• Email Security Encryption Part 2

Email Security - Encryption - Part 2

Creating a GnuPG Key

Overview

Part 1 summarized the two common public key technologies (aka PKI for Public Key Infrastructure) used to secure email communications. Here in Part 2 I will take you through the steps to generate your own GnuPG key pair on the Microsoft Windows Operating System. Why GnuPG and not PGP? For the most part the two are interchangeable. Since GnuPG is freely available, I decided to demonstrate it first. One drawback of the GnuPG, is that it does not integrate seamlessly into 64-bit versions of Microsoft Outlook. Because of this, I will first show how to enable Thunderbird to send and receive encrypted email messages.

Installing GnuPG on Windows

Please note that I used Windows 7 Enterprise in this example.

In your browser, navigate to http://gpg4win.org/.

http://gpg4win.org/

Click on "Download Gpg4win". You should be at this page. At the time of this post, the current version is 2.2.5.

http://gpg4win.org/download.html

Now click on the uppermost download button. You will be presented with the dialogue box asking if you want to save the file or run (execute) the file.

Save Dialogue

Select 'Run' and accept the default actions of any dialogue box presented during the installation process. If successful, the last screen displayed should be this.

Gpg4win Wizard Complete

Please unselect the "Show the README file" and then click "Finish". At this time you have successfully installed a Windows version of GnuPG on your computer.

Creating a GnuPG key

The installation of Gpg4win installed the Kleopatra key management tool as one of the components. Navigate through the start menu and launch Kleopatra. The path through the menus should be "Start -> All Programs -> Gpg4win -> Kleopatra".

Kleopatra Main Window

Start the new certificate process by selecting File -> New Certificate from the top menu or by typing Ctrl-N (press Control-Key and 'N' key simultaneously). You will be presented with a dialogue to choose the certificate format.

Certificate Format

Choose "Create a personal OpenPGP pair", and click on Next. On the next screen you will enter details about your certificate.

Certificate Detail Form

Two of the three fields on this form are required. Fill in the Name and EMail fields with your name (usually full name) and email address. You can use the Comment field for any purpose. Some people may choose "Work" or "Home" for this field. For the time being we will not need to be concerned with any of the Advanced Settings. When you have filled in the fields, click on Next.

Certificate Review

On the Review Certificate Parameters screen you can confirm the values of the fields entered on the previous form. If no corrections are necessary, click on Create Key. During the key creation you may be asked to move the mouse pointer or type in random characters. When the key pair is generated, you should the following screen.

Certificate Complete

Congratulations! You have successfully generated an OpenGPG key pair. When you click on Finish, you will be returned to Kleopatra's main screen and see your certificate listed in the window.

Summary

While composing these steps I realized that if you are following these steps you may not know someone that you can send and receive test messages with. So before we move on to configuring an email client (Thunderbird) to utilize GnuPG, I should go over how to import someone's public key to your keyring. There are a few ways to accomplish that, and that will be covered next in Part 3.

Related Posts

• Email Security Encryption Part 1

Email Security - Encryption - Part 1

Email Security and Privacy

Introduction

We have seen communication over the internet expand over the last 20 years. Once it was just the realm of those in academia and science. Today nearly everyone uses the internet regularly to communicate with others. Along with this rise in popularity has been a heightened concern for privacy and security. People (and businesses) want to be able to communicate and not fear hackers or even their own government. From all the clamor we see related to how our content and messages are used by the social media sites, and how various laws affect what the government can access with or without a warrant, you would think that there are no safeguards available to combat perceived or real threats to our privacy. But fortunately, that perception is without merit.

Encryption

The perception is without merit because it is possible to secure your email so that only the intended recipient(s) can view it using encryption. Better news is that this is easier to accomplish than you might believe. There are actually two types of encryption that can be utilized, symmetric and asymmetric encryption. The details of these are beyond the scope of this blog, but for more information please visit http://resources.infosecinstitute.com/symmetric-asymmetric-encryption/. Here we are going to focus on asymmetric encryption and using it to send and receive email securely.

SSL (S/MIME) and PGP (or GnuPG)

There are two main methods to send and receive secure email. Most modern email clients (Outlook, Thunderbird, Evolution, etc) natively support one or both methods. You don't need to understand the technology beneath these two systems, only how they differ with respect to setting up and using your email client.

SSL (S/SMIME)

When an email client uses SSL to secure messages, it is also called S/MIME. This encryption (and electronic signing) is very similar to how web sites using HTTPS are encrypted. The certificates used are commonly purchased from a known vendor of SSL Certificates. Examples of these companies are Thawte, Digicert, and Verisign. A source of free SSL certificates is CAcert, but its root certificates are not usually included in the bundles that come with operating systems and software. If desired (especially for testing), those of you who are more technical could create your own certificates using OpenSSL.

PGP (or GnuPG)

PGP stands for Pretty Good Privacy. First written and released as freeware, it has since become commercialized, now part of Symantec. Some older versions of PGP can be found at http://www.pgpi.org/. The most common current opensource derivative is GnuPG or GNU Privacy Guard. PGP was originally created to securely store messages and files on bulletin board systems (BBS) in 1991.

Summary

We will start getting into the details of using these technologies to secure email communications in part 2 of this series. For now, please take some time to visit some of the links posted above to learn more. Feel free to post comments or questions.

Thank you.

Related Posts

• Email Security - Encryption - Part 2

64 Bit Ubuntu and 32 bit Check Point SSL Network Extender

Recently I decided to change the operating system on my home Linux desktop to Ubuntu. I have been running OpenSuSE for a while since the prevalent OS at my last gig was SLES or SuSE Enterprise Linux (before that I was running Solaris x86). The current LTS version of Ubuntu is 14.04. I saw no reason to install the 32-bit version, so I downloaded and installed the 64-bit OS.

The installation of Ubuntu Desktop is straightforward, but unless I missed something you cannot select what packages and software are included during the initial install.

The VPN we use at work provided through a Check Point appliance. For Mac OSX and Linux operating systems you have to download the installation script from the "Settings" link after logging in to the web portal, or from the Check Point website. Having an older unit, the script installs a 32-bit version of the Check Point SSL Network Extender also simply known as 'snx'.

Everything seems to be simple and easy until you attempt to execute 'snx' (gets installed to /usr/bin/snx). What you see is something like:

$ snx -h
bash: /usr/bin/snx: No such file or directory

An 'ls' command will prove the file does in fact exist, but attempting to execute 'ldd' to see what libraries it may be looking for adds to the mystery.

$ ldd /usr/bin/snx
  not a dynamic executable

I did some digging and found that the default 64-bit install of Ubuntu 14.04 does not include any 32-bit libraries. Using 'apt-get' I installed the 32-bit version of a few of the "standard" libraries. I don't know which one it was, but now the output of 'ldd' listed libraries and which ones were not found. To save you some time here are the libraries I needed to install to get the Check Point SSL Network Extender to work.

• lib32stdc++6
• lib32z1
• lib32objc3
• lib32readline6
• lib32gcc1
• libX11-6:i386
• libpam0g:i386
• libstdc++5:i386 

Easily done with one command:

# apt-get -y install lib32stdc++6 lib32z1 lib32objc3 lib32readline6 lib32gcc1 libX11-6:i386 libpam0g:i386 libstdc++5:i386

It wasn't too hard to figure out, but if this helps a few people save time it was worth the effort to create this post.

Related Links

• Ubuntu - http://www.ubuntu.com/
• Check Point - http://www.checkpoint.com/
• Check Point Remote Access (VPN) Clients

Is it July already?

Once again, quite a long time has elapsed since my last post. A little over half a year since my New Years Day post for 2014. I'd like to say that the reason I haven't posted is that I've been extremely busy and preoccupied with other things, but that is not the case. However the year so far has had some noteworthy events to share with you all.

Since the last post, the one year anniversary of my time here at Echostar/Sling passed. Along with a fairly decent annual review and raise. I am definitely enjoying my time here, and still believe that getting laid off from my Northrop Grumman position was a blessing in disguise.

My one year anniversary at Echostar is noteworthy, but so far the highlight of the year (and perhaps the last couple years) is something that I would never have thought possible a few years back. It pretty much deserves its own post, so I will only touch upon it here. Last month, June, my daughter Reagan came to California for a visit. In her 13 years, this was the first time that I had the opportunity to spend time with just my daughter. I'll expand on her visit in another post, but overall it was a pretty good time.

That said, there is still not much else new. Still putting off getting my hip surgery, and two of the three motorcycles still need repair of some degree. Hell, the Dyna even now seems to be starting to make a little top end noise. At 36k miles, it likely needs a valve adjustment and perhaps a look at the cam chain. But, if I do one thing well, it's procrastinate.

That's about it for now. Hopefully I'll have some time to write about Reagan's visit sooner rather than later. Until then, take care and enjoy the day.