Vol. 31 number 4
April 2014

The newsletter of the Ottawa PC Users' Group

Calendar

OPCUG General Meeting
National Museum of Science and Technology
1867 St. Laurent Blvd.
Second (*first) Wednesday of each month, 7:30pm
2014: Jan 8, Feb 12, Mar 12, Apr 9, May 14, Jun 11

Beginner SIG
After the OPCUG General Meeting, at the Museum.

Linux SIG
After the OPCUG General Meeting, at the Museum.

Beer BOF (Wing SIG East), after all the SIGs, at 10 p.m.
Liam Maguire's, 1705 St. Laurent Blvd. at Innes Rd.

Please note that unless otherwise noted, SIGs meet at 9:00 p.m. (immediately following the OPCUG General Meeting).
____________________________
Coming Up...

Wednesday, April 9, 2014
Topic: Business Intelligence, Big Data and Your Privacy
Speaker: Bob Walker, OPCUG

Business Intelligence, Big Data and Your Privacy: More and more companies and organizations are using more and more advanced techniques to find out more and more about YOU. Find out what they are up to.

May 14
GIS by Jason Barney, City of Ottawa, and Robert Giggey, City’s Open Data initiative and Apps4Ottawa program.

June 11
Pizza Night + "Web Comics" by Mark Shainblum, creator of Northguard

More detail is available on the OPCUG website at http://opcug.ca. Just click on the MEETINGS button.
____________________________
April Raffle

For the April raffle, we have a Belkin wireless keyboard. This quiet keyboard with comfort palm rests features 17 multi-media hot keys. It has a 2.4GHz USB nano receiver and will work up to 32 feet away from any PC or Mac with a USB port. For details, see http://belkinbusiness.com/products/f5k007

Tickets are, as always, a good deal at $1 for one, a great deal at $2 for three or the unbelievable bargain of $5 for ten!
____________________________
Bob Bergquist was the lucky winner of the Ubislate Android Tablet offered as our raffle prize at the March meeting of the OPCUG. Congrats Bob!
____________________________
Windows XP migration tool
by Chris Taylor

So your trusty computer has been running Windows XP for many years, but faced with the end-of-life of Windows XP, you decided to buy a shiny new Windows 7 or (perhaps more likely) Windows 8 PC. Now you are faced with the somewhat daunting task of getting all your data files, programs and settings over to the new computer.

Microsoft has partnered with Laplink to provide a free migration tool called PCmover Express for Windows XP, which can take care of 2 of those three items; data files and settings. Unfortunately, you still have to re-install all your programs on the new computer. For details, see the Windows Experience Blog at http://bit.ly/1hY22bj

Kudos to Microsoft and Laplink for providing this tool for free.

For those willing to shell out a few dollars, Laplink has PCmover Professional for XP Users, which in addition to data files and settings, can transfer your programs! It is available for US$23.95 – a 60% discount. See http://bit.ly/1cauUip
____________________________
Programming Tip
by Chris Taylor

I was reading some articles on TechRepublic and came across a title that intrigued me – “The greatest programming tip ever written”

Although I really don't program any more, it is always interesting to pick up tidbits and this sounded like a good one. I read the article and the tip was “Always code as if the person who will maintain your code is a maniac serial killer that knows where you live.”

It reminded me of Microsoft's WSYP (We Share Your Pain) program. If you have not seen the video, check it out. http://www.youtube.com/watch?v=D28FkfJiauk

Who says Microsoft doesn’t have a sense of humour?
____________________________
Product Review

Exploring Linux – Part 24
by Alan German

Over the years, I have struggled with the variety of digital image tools provided with default installations of Ubuntu.
I never liked image viewers that wouldn't show me thumbnails of all the pictures in a given folder, or those that did not give me quick access to a simple editor in order to crop an image or make a slight change to its brightness. And, I simply hated photo managers that insisted on arranging my pictures chronologically, rather than having one folder hold all the pictures from a specific trip. In fact, the only reason that I didn't undertake a systematic search for an appropriate alternative was that – horrors – Zoner Photo Studio Free (http://opcug.ca/public/Reviews/zoner.htm), in the (dual-boot) Windows' world, provided everything I needed.

However, I recently came across gThumb, a Gnome-based image viewer, and found that this was my new Linux tool of choice.

Interestingly, this all came about after I read a glowing review of Mint 14 with the Cinnamon user interface. I downloaded Mint and installed it on a bootable USB memory stick. In trying out this distro, I discovered that Mint's default image viewer is gThumb. I liked my “preview” of this package so much I decided to install it on my production Ubuntu system.

The basic image viewer shows thumbnails of all the images in a selected folder, together with a tree directory of available folders in the left sidebar. The size of the thumbnails, and the information displayed alongside each (e.g. file name), are configurable. Similarly, double-clicking on a specific image can be set to display the image so as to fill the program's window. Icons are available to show an extensive list of the image's properties, or to open an image editor in order to modify the actual image. While the available editing tools are not exhaustive, many useful items are provided, including brightness, contrast and colour adjustment; image cropping, resizing and rotation; and red-eye removal.

Images can be downloaded from a digital camera although, in my view, this process isn't perfect.
While a folder can be specified to hold all of the downloaded images, the program still creates a sub-folder, named with the current date and time, and places all of the images inside this sub-folder. However, it's now a simple matter to transfer all of the downloaded files into a specific folder of the user's choice. This is certainly much easier than having to combine files from multiple “days” into a single, user-defined folder.

The program has a multitude of other features including the ability to create slideshows; to export photographs to social-media sites or web-based photo-albums; burn them to optical disks; or to print contact sheets. Many of these options are provided as plug-in extensions and additional features are available through this mechanism.

The program is highly configurable simply by editing a “preferences” menu. For example, one really useful feature, where screen real-estate is at a premium, is to change the location for the group of thumbnails that is displayed in the image viewer. By default, these thumbnails are shown across the bottom of the window; however, this severely restricts the height – and hence the overall size – at which the image selected is displayed. Switching the location to be “on the side” easily resolves this issue.

So, for my way of working with digital images, gThumb is certainly a keeper!

Bottom Line:
gThumb (Open-source)
Version 2.14.3
Author: Paolo Bacchilega
https://live.gnome.org/gthumb
____________________________
Outside Article

Schneier on Security
A blog covering security and security technology.

March 3, 2014
Choosing Secure Passwords
https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.html

As insecure as passwords generally are, they're not going away anytime soon. Every year you have more and more passwords to deal with, and every year they get easier and easier to break. You need a strategy.

The best way to explain how to choose a good password is to explain how they're broken.
The general attack model is what's known as an offline password-guessing attack. In this scenario, the attacker gets a file of encrypted passwords from somewhere people want to authenticate to. His goal is to turn that encrypted file into unencrypted passwords he can use to authenticate himself. He does this by guessing passwords, and then seeing if they're correct. He can try guesses as fast as his computer will process them -- and he can parallelize the attack -- and gets immediate confirmation if he guesses correctly. Yes, there are ways to foil this attack, and that's why we can still have four-digit PINs on ATM cards, but it's the correct model for breaking passwords.

There are commercial programs that do password cracking, sold primarily to police departments. There are also hacker tools that do the same thing. And they're really good.

The efficiency of password cracking depends on two largely independent things: power and efficiency.

Power is simply computing power. As computers have become faster, they're able to test more passwords per second; one program advertises eight million per second. These crackers might run for days, on many machines simultaneously. For a high-profile police case, they might run for months.

Efficiency is the ability to guess passwords cleverly. It doesn't make sense to run through every eight-letter combination from "aaaaaaaa" to "zzzzzzzz" in order. That's 200 billion possible passwords, most of them very unlikely. Password crackers try the most common passwords first.

A typical password consists of a root plus an appendage. The root isn't necessarily a dictionary word, but it's usually something pronounceable. An appendage is either a suffix (90% of the time) or a prefix (10% of the time).

One cracking program I saw started with a dictionary of about 1,000 common passwords, things like "letmein," "temp," "123456," and so on. Then it tested them each with about 100 common suffix appendages: "1," "4u," "69," "abc," "!," and so on.
It recovered about a quarter of all passwords with just these 100,000 combinations.

Crackers use different dictionaries: English words, names, foreign words, phonetic patterns and so on for roots; two digits, dates, single symbols and so on for appendages. They run the dictionaries with various capitalizations and common substitutions: "$" for "s", "@" for "a," "1" for "l" and so on. This guessing strategy quickly breaks about two-thirds of all passwords.

Modern password crackers combine different words from their dictionaries:

What was remarkable about all three cracking sessions were the types of plains that got revealed. They included passcodes such as "k1araj0hns0n," "Sh1a-labe0uf," "Apr!l221973," "Qbesancon321," "DG091101%," "@Yourmom69," "ilovetofunot," "windermere2313," "tmdmmj17," and "BandGeek2014." Also included in the list: "all of the lights" (yes, spaces are allowed on many sites), "i hate hackers," "allineedislove," "ilovemySister31," "iloveyousomuch," "Philippians4:13," "Philippians4:6-7," and "qeadzcwrsfxv1331." "gonefishing1125" was another password Steube saw appear on his computer screen. Seconds after it was cracked, he noted, "You won't ever find it using brute force."

This is why the oft-cited XKCD scheme for generating passwords -- string together individual words like "correcthorsebatterystaple" -- is no longer good advice. The password crackers are on to this trick.

The attacker will feed any personal information he has access to about the password creator into the password crackers. A good password cracker will test names and addresses from the address book, meaningful dates, and any other personal information it has. Postal codes are common appendages. If it can, the guesser will index the target hard drive and create a dictionary that includes every printable string, including deleted files.
If you ever saved an e-mail with your password, or kept it in an obscure file somewhere, or if your program ever stored it in memory, this process will grab it. And it will speed the process of recovering your password.

Last year, Ars Technica gave three experts a 16,000-entry encrypted password file, and asked them to break as many as possible. The winner got 90% of them, the loser 62% -- in a few hours. It's the same sort of thing we saw in 2012, 2007, and earlier. If there's any new news, it's that this kind of thing is getting easier faster than people think.

Pretty much anything that can be remembered can be cracked.

There's still one scheme that works. Back in 2008, I described the "Schneier scheme":

So if you want your password to be hard to guess, you should choose something that this process will miss. My advice is to take a sentence and turn it into a password. Something like "This little piggy went to market" might become "tlpWENT2m". That nine-character password won't be in anyone's dictionary. Of course, don't use this one, because I've written about it. Choose your own sentence -- something personal.

Here are some examples:

• WIw7,mstmsritt... = When I was seven, my sister threw my stuffed rabbit in the toilet.
• Wow...doestcst = Wow, does that couch smell terrible.
• Ltime@go-inag~faaa! = Long time ago in a galaxy not far away at all.
• uTVM,TPw55:utvm,tpwstillsecure = Until this very moment, these passwords were still secure.

You get the idea. Combine a personally memorable sentence with some personally memorable tricks to modify that sentence into a password to create a lengthy password. Of course, the site has to accept all of those non-alpha-numeric characters and an arbitrarily long password. Otherwise, it's much harder.

Even better is to use random unmemorable alphanumeric passwords (with symbols, if the site will allow them), and a password manager like Password Safe to create and store them.
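
Added example (not part of Schneier's essay or of the newsletter): a Python check, written from the defender's side, of whether a candidate password falls inside the root-plus-appendage guessing model the essay describes, including roots built from several dictionary words. The word list, appendage patterns and function names are constructed assumptions standing in for the much larger dictionaries the essay mentions.

```python
import re

# Constructed stand-ins (assumptions) for the dictionaries the essay describes:
# about 1,000 common roots and about 100 common appendages.
WORDS = {"letmein", "temp", "123456", "password", "gone", "fishing",
         "correct", "horse", "battery", "staple"}
# Appendage shapes named in the essay: digits/dates, a single symbol, "4u", "abc".
APPENDAGE = re.compile(r"\d{1,4}|[^A-Za-z0-9]|4u|abc")
# Substitutions named in the essay: "$" for "s", "@" for "a", "1" for "l".
SUBSTITUTIONS = str.maketrans({"$": "s", "@": "a", "1": "l"})


def _segments(s, max_words=4):
    """Fewest dictionary words that concatenate to s, or 0 if there is no such split."""
    best = {0: 0}  # best[i] = fewest words covering s[:i]
    for end in range(1, len(s) + 1):
        for start in range(end):
            if start in best and s[start:end] in WORDS:
                n = best[start] + 1
                if n <= max_words and n < best.get(end, max_words + 1):
                    best[end] = n
    return best.get(len(s), 0)


def _root_words(s):
    """Word count of s as a root, ignoring case and undoing the substitutions."""
    s = s.lower()
    for form in (s, s.translate(SUBSTITUTIONS)):
        n = _segments(form)
        if n:
            return n
    return 0


def classify(password):
    """Return (words, position, appendage) if the root-plus-appendage model
    reaches the password, else None."""
    n = _root_words(password)
    if n:
        return (n, "none", "")
    for i in range(1, len(password)):
        head, tail = password[:i], password[i:]
        if APPENDAGE.fullmatch(tail.lower()) and (n := _root_words(head)):
            return (n, "suffix", tail)
        if APPENDAGE.fullmatch(head.lower()) and (n := _root_words(tail)):
            return (n, "prefix", head)
    return None


def audit(candidates):
    """Map each candidate the model reaches to its classification."""
    return {p: c for p in candidates if (c := classify(p)) is not None}


if __name__ == "__main__":
    # Sample passwords taken from the essay's own text.
    for pw in ["letmein1", "gonefishing1125", "correcthorsebatterystaple",
               "tlpWENT2m", "QG6,FN4nFAm_"]:
        print(f"{pw!r}: {classify(pw)}")
```

A result of None only means this small constructed dictionary does not reach the password; it says nothing about larger dictionaries.
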
Password Safe includes a random password generation function. Tell it how many characters you want -- twelve is my default -- and it'll give you passwords like y.)v_|.7)7Bl, B3h4_[%}kgv), and QG6,FN4nFAm_. The program supports cut and paste, so you're not actually typing those characters very much. I'm recommending Password Safe for Windows because I wrote the first version, know the person currently in charge of the code, and trust its security. There are ports of Password Safe to other OSs, but I had nothing to do with those. There are also other password managers out there, if you want to shop around.

There's more to passwords than simply choosing a good one:

1. Never reuse a password you care about. Even if you choose a secure password, the site it's for could leak it because of its own incompetence. You don't want someone who gets your password for one application or site to be able to use it for another.

2. Don't bother updating your password regularly. Sites that require 90-day -- or whatever -- password upgrades do more harm than good. Unless you think your password might be compromised, don't change it.

3. Beware the "secret question." You don't want a backup system for when you forget your password to be easier to break than your password. Really, it's smart to use a password manager. Or to write your passwords down on a piece of paper and secure that piece of paper.

4. One more piece of advice: if a site offers two-factor authentication, seriously consider using it. It's almost certainly a security improvement.

This essay previously appeared on BoingBoing.

Tags: cracking, essays, passwords, security awareness, usability
Posted on March 3, 2014 at 7:48 AM

Reprinted with permission
____________________________
OPCUG Free Software Guide – Part 47
Compiled by Alan German

This guide features an annotated list of free computer programs. The software mentioned has not been reviewed (except where noted) nor have any tests necessarily been conducted.
Consequently, no guarantees are provided that the individual programs will perform as described. Rather the list of available software is provided for the information of our members who may find one or more of the programs useful.

Screamer Radio
There are literally thousands of radio stations on the Internet for you to enjoy. Trouble is they can be a little hard to find. Screamer Radio tries to fix this by collecting many of them in one place.
Web Site: http://www.screamer-radio.com/

CutePDF Writer
CutePDF Writer installs itself as a "printer subsystem" and enables virtually any Windows application to create professional-quality PDF documents. Free for commercial and non-commercial use, with no watermarks, and no pop-up web ads!
Current Release: Version 3.0
Web Site: http://preview.tinyurl.com/2scjk

File Renamer Basic
With this program, you can rename entire directories and subdirectories of files at once with a powerful preview tool. File Renamer is perfect for renaming digital photos. Select the pictures you want to rename, choose and apply the new file name scheme, and you are done! It's that easy!
Current Release: Version 6.0.3
Web Site: http://preview.tinyurl.com/zravr

EaseUS Partition Master Free
This free disk management utility allows you to easily create and extend partitions on MBR and GUID partition table (GPT) disks. Supports Windows 8/7/Vista/XP/2000. Partition Master can also change labels, defragment disk and partitions, check partitions, and create bootable CDs.
Current Release: Version 9.3
Web Site: http://preview.tinyurl.com/nkc3avh

Should I remove it?
This utility shows the programs installed on your computer and lets you quickly determine which can be safely removed. Specific programs are ranked according to the degree that other users have uninstalled them.
Current Release: Version 1.0.4.27527
Web Site: http://www.shouldiremoveit.com/

RocketDock
Add an OS X-like dock to your desktop.
RocketDock lets you add icons to run applications from the dock. You can also add minimized windows - with real-time previews of running movies!
Current Release: Version 1.3.0
Web Site: http://rocketdock.com/

BgInfo
This utility automatically displays relevant information about a Windows computer on the desktop's background. The information can include the computer name, IP address, service pack version, and more. You can edit any field as well as the font and background colors.
Current Release: Version 4.20
Web Site: http://preview.tinyurl.com/2nbxmd
____________________________
OTTAWA PC NEWS

Ottawa PC News is the newsletter of the Ottawa PC Users' Group (OPCUG), and is published monthly except in July and August. The opinions expressed in this newsletter may not necessarily represent the views of the club or its members.

Member participation is encouraged! If you would like to contribute an article to Ottawa PC News, please submit it to the newsletter editor (contact info below). Deadline for submissions is three Saturdays before the General Meeting.

Group meetings
OPCUG normally meets on the second Wednesday in the month, except in July and August, at the National Museum of Science and Technology, 1867 St. Laurent Blvd, Ottawa. Meetings are 7:30-9:00 p.m. and Special Interest Groups go until 10 p.m.

Fees: OPCUG annual membership: $25 per year.
Mailing address: 3 Thatcher St., Nepean, Ontario, K2G 1S6
Web address: http://opcug.ca/
Bulletin Board - PUB II (BBS): http://opcug.ca/default.htm
Follow us on Twitter: http://twitter.com/opcug

President and System Administrator: Chris Taylor, chris.taylor@@opcug.ca, 613 727-5453
Meeting Coordinator: (Mr.) Jocelyn Doire, Jocelyn.Doire@@opcug.ca
Treasurer: Alan German, alan.german@@opcug.ca
Secretary: Gail Eagen, gail.Eagen@@opcug.ca
Membership Chairman: Mark Cayer, Mark.Cayer@@opcug.ca, 613 823-0354
Newsletter: Brigitte Lord, Brigittelord@@opcug.ca
Email: (Mr.)
Jocelyn Doire, Jocelyn.Doire@@opcug.ca
Public Relations: Jeff Dubois, PR@@opcug.ca, 613-366-7936
Facilities: Bob Walker, 613 489-2084
Webmaster: Brigitte Lord, opcug-webmaster2@@opcug.ca
Privacy Director: Wayne Houston, privacy2@@opcug.ca
Special Events Coordinator: Bob Gowan, bob.gowan@@opcug.ca
Beginners' SIG Coordinator: Chris Taylor, chris.taylor@@opcug.ca, 613 727-5453
Linux / Open-Source software SIG: (vacant)

Note: We added an extra "@@" to the emails to reduce spam.

Parking: Ample parking is available for a flat fee of 3$ after 5pm, paid in advance. Payment methods include coins, VISA, and MasterCard, and the proof of payment must be left in the car and be visible in the front windshield. We will refund the parking fee for our speakers. For those who don't mind a couple of minutes easy stroll, there is free parking just before the museum along Gladwin Crescent.

(c) OPCUG 2014. Reprint permission is granted* to non-profit organizations, provided credit is given to the author and The Ottawa PC News. OPCUG requests a copy of the newsletter in which reprints appear.

*Permission is granted only for articles written by OPCUG members, and not copyrighted by the author.
____________________________
Newsletter by email: To receive the newsletter by e-mail, send a message to listserve@@opcug.ca with the plain text "subscribe NewsletterTXT" or "subscribe NewsletterPDF" (without quotes) in the body of the message. No subject line is required. To cancel e-mailing, send a message to listserve@@opcug.ca with the plain text "unsubscribe NewsletterTXT" or "unsubscribe NewsletterPDF" (without quotes). To change your e-mail address, cancel using the old e-mail address and re-subscribe using your new e-mail address.

Cancelling the Paper Newsletter: You can help the environment and save us some costs by sending an email to Mark.Cayer@@opcug.ca asking to cancel the delivery of the paper version of the newsletter (or ask him in person - Mark is usually at the back of the auditorium at General Meetings).

Announcements Mailing List: To subscribe to the Announcements List send an email to listserve@@opcug.ca, leave the subject blank and in the body of the message put "subscribe announcements" (without the quotes). Within a couple of minutes you will receive a confirmation message from the list server.

OPCUG clock/calendar/calculator and mug: Check out the clock/calendar/calculator and thermal coffee mug sporting our club logo at the back of the auditorium at General Meetings! OPCUG insulated mugs are $15 and OPCUG clocks are $20.

Reuse, recycle: Bring your old computer books, software, hardware, and paraphernalia you want to GIVE AWAY to the general meetings, and leave them at the table near the auditorium's entrance. Please limit your magazines to publication dates of less than two years old. If you don't bring something, you may want to TAKE AWAY something of interest, so look in on this area.

Please note: If you bring anything for the recycle table, you are responsible to check on your way out and if the items you brought are still there, you must take them home with you.