27 12 / 2014
How to Dial Phone Numbers in Mexico Without Having to Remember the Operator
Landline phones in Mexico will change the way they dial starting January 1, 2015. The new system will replace LADA.
The new system, however, is awkward and requires remembering the operator (01 or 02), and it uses different logic for domestic calls to landlines, to mobile phones, or for international calls (01, 02, 044, 00… Ugh!). This guide shows how to dial any number in Mexico directly from any mobile phone in Mexico or from abroad.
International Telephone Number Notation
Mobile phone keypads (virtual or physical) show the (+) symbol. This symbol is used to dial the country code. Some common codes are:
- United States = +1
- Russia = +7
- France = +33
- Spain = +36
- Mexico = +52
International numbers use this convention:
- + country number
- locality, area, or city code
- desired number
The (+) symbol is produced by pressing and holding the corresponding key on the phone (usually the zero) for one or two seconds.
Easy!
How to Dial in Mexico
To dial landline numbers, just dial as in this example in Celaya, Gto.:

Mobile phones are on a system that is not harmonized with the rest of the telephone system (which is why you have to dial that 044, which makes no sense in other countries). To call using the international system, add a digit 1 before the locality code:

This works the same way for the extra-long numbers in Mexico City:

The habit of dialing with the international code is easier in the long run because, apart from the extra 1 for mobile phones, it is the same all over the world. The Mexican system will have to keep it in the future in order to interconnect with other countries, regardless of whether the internal codes change again.
Good luck!
05 11 / 2014
Google Off The Record Is Crap (and HOWTO Fix It for Non-Techies)
Google Off The Record/Turn History Off functionality is crap. Hangouts and Chat offer a misleading “off the record” or “turn history off” feature that prevents conversations from being logged for future reference. This feature is enough only for providing a false sense of security. It’s like riding a motorcycle wearing a propeller beanie instead of a full face helmet.

Although the users’ conversations aren’t preserved for posterity in their own history, there is every chance that Google vectorizes and stores the conversations as they flow through their systems. Google may analyze the data for targeted advertising. The conversations can also be produced in response to a governmental coercive request.
Off-The-Record Messaging vs Bogus Google “Off the Record”
OTR, or Off-the-Record Messaging (technical link) is privacy software that provides:
- Encryption: nobody other than you and the other party in the conversation can read your messages
- Deniability: the messages themselves don’t have digital signatures that a 3rd-party could verify, while you and the other participant in a conversation can be assured that what you see is unmodified and authentic
- Authentication: you are sure that the other person in the conversation is who you think it is
- Perfect forward secrecy: if the private keys are lost, no previous conversations can be compromised
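The authentication and deniability properties in the list above can be illustrated with a shared-key MAC. This is an added example, not code from the original post or from any OTR implementation; it is a simplified model in which a random session secret stands in for OTR's key exchange, and HMAC-SHA256 and all function names are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import secrets


def derive_mac_key(session_secret: bytes) -> bytes:
    """Both parties compute the same MAC key from the shared session secret."""
    return hashlib.sha256(b"mac-key" + session_secret).digest()


def tag(mac_key: bytes, message: bytes) -> bytes:
    """Authenticate a message with the shared key (no digital signature)."""
    return hmac.new(mac_key, message, hashlib.sha256).digest()


def verify(mac_key: bytes, message: bytes, mac: bytes) -> bool:
    """Constant-time check that the tag matches the message."""
    return hmac.compare_digest(tag(mac_key, message), mac)


def run_demo() -> dict:
    results = {}

    # Constructed session secret; in OTR this comes from a key exchange.
    session_secret = secrets.token_bytes(32)
    alice_key = derive_mac_key(session_secret)
    bob_key = derive_mac_key(session_secret)

    message = b"meet at noon"
    mac = tag(alice_key, message)

    # Authentication: Bob accepts the real message and rejects a modified one.
    results["bob_accepts_real"] = verify(bob_key, message, mac)
    results["bob_rejects_tampered"] = not verify(bob_key, b"meet at nine", mac)

    # Deniability: Bob holds the same key, so he can compute a valid tag for
    # text Alice never wrote. A saved transcript therefore proves nothing
    # about authorship to a third party, unlike a digital signature would.
    never_sent = b"text Alice never wrote"
    results["bob_can_make_valid_tag"] = verify(
        alice_key, never_sent, tag(bob_key, never_sent)
    )

    # OTR goes one step further and reveals MAC keys once they are no longer
    # in use, so anyone could have produced the old tags after the fact.
    revealed_key = alice_key
    results["anyone_can_tag_after_reveal"] = verify(
        bob_key, b"old message", tag(revealed_key, b"old message")
    )
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```
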
Google’s Turn History Off function, at best, only provides the ability to NOT log a conversation between you and the other correspondent while communicating over a secure channel. The conversation is NOT off the record. It’s just not logged in a way that users can see it.


The conversation and the participants could be compromised in a huge number of ways:
- Google can read your conversation
- It’s impossible to verify the participants’ identities
- Past communications are not secure
- The code isn’t open to independent review
- The security design (or lack thereof) isn’t documented anywhere
The good news? Real OTR is an alternative that works with all major text chat clients (including Adium for OS X, Pidgin for Linux, and Trillian for Windows), and with all the most popular chat protocols, including Google Hangouts/Chat, AIM, Yahoo! Messenger, Jabber, etc. This is important because most of these protocols have serious security issues according to the respected EFF Secure Messaging Scorecard:
Using OTR With Google Services
The only prerequisite for using OTR is that all participants in a conversation have an OTR-capable client.
Install a chat client that works for your system:
- Adium for OS X
- Pidgin for Linux
- Trillian for Windows; Trillian requires installation of a 3rd-party OTR plug-in
Define your end-user account for this system:

Then click on the “secure conversation” icon for your client (the “lock” in Adium for our examples; this may be different if you’re using a different client).

The OTR software will show you the other party’s fingerprint, a code unique to the conversation participants.

If you’re concerned about security, ask the other party what their digital fingerprint is through a different medium (quick phone call or personal exchange). In most cases you can accept the fingerprint as-is, especially if you know the other party well, and can validate that they are who they say they are during the encrypted private conversation.

The conversation will be encrypted from that point onward, and you can have a reasonable level of comfort that prying eyes won’t be able to see what you’re talking about.
A Word About Logging
Some instant messaging clients keep conversation logs by default. Ensure that you disable this functionality in yours.

Conclusion
Don’t use Google Hangouts or Chat’s off-the-record bogus feature if you are even a tiny bit concerned about the security of your conversation or your own personal safety. Find an OTR client that you like (there are many out there for every desktop and mobile platform that you can name) and use it with Google Hangouts, Google Chat, or any other of your favorite chat systems.
Edit: A friend pointed out that Google Hangouts appears to be disabled in my Google services configuration (no surprise there, since I don’t use their services). Google Hangouts screens look a wee bit different, and they’ve changed the name of the feature to Turn History Off. Regardless of what it’s called, it’s still not safe to send important information through their services without OTR.
04 11 / 2014
The Crazy Story of My AT&T $50/mo Mobile Unlimited Data Plan
I had an AT&T unlimited data plan. The real thing, not the one that got the company in hot water with the FTC. And it cost only $50/mo plus taxes. I was a very happy customer until 02.Oct.2014, when they notified me they’d kill it at the end of the month. This is the story of how I got such a great deal, what it meant for 7 years, and the spectacle of inanity AT&T made while trying (not really) to keep me as a customer.
Real AT&T Unlimited Data at $50/mo + Taxes
I was using a Palm Tungsten C and a French SAGEM GSM phone until the Palm died in late October of 2007. I’d been an AT&T Wireless cum Cingular customer since 2004, when I engaged them through the original GoPhone pay-as-you-go service. I live more than half of the time in countries where supreme mobile service (including unlimited Internet) costs $50/mo or less. I see no reason to engage in a mobile long-term contract, so I engaged AT&T Wireless and every month I’d pay my $50+tax (almost $80; it fluctuated a bit by month) and so be it. I became a Hybrid Rate Plan 3 customer.

I bought an iPhone when my Palm device died. After going through the hoops of jailbreaking and unlocking it I was able to plop my existing SIM card in the slot and get service. A few days into having an iPhone I wondered if I could enable GSM, so I contacted technical support. The agent informed me that I could choose any 5 services for the base fee, the rest would be billed per use or per unit of time.
So I chose voice, unlimited data, Caller ID, Call Hold, and 3-Way Calling. I disabled voice mail and unlimited SMS. And never looked back.
A data plan is much more useful to me as a computer industry professional. While sending and receiving texts at $0.25/message hurt a little, soon there were services like Viber, Skype, and WeChat that obviated the need for SMS. So I kept paying my $80/mo, and since I seldom used the voice minutes (unless it was during the free evening and weekend hours), I often carried a balance of $150 - $300 in my favor. I’d “burn” the balance through voice minutes or SMS on my visits to the US, otherwise I’d use only the data plan while in the US. I use my Mexican, Russian, UK, or Japanese pay-as-you-go data plans when I’m in other countries (we spend more than half of our lives in Russia or Mexico for family and professional reasons).
Annoyances: New iPhone Models
My work requires me to have an up-to-date iPhone at all times (when we built Summly we all carried iPhones 4S and 5 to ensure that everything worked well). With every new iPhone model after the 3GS I had to call AT&T’s tech support for a conversation like:
"I just purchased a new device. Could you please re-enable data for it?"
"Sir, iPhone 5 isn’t supported on this network."
"I understand and I’m aware that the device isn’t supported," I’d reply, as instructed by an AT&T tech support supervisor in 2009. "Please just confirm that the data service is enabled and stay on the line while I test." A few minutes later I’d confirm all was well, and I’d have unlimited data until my next device came about. Easy!
The pr3d4t0r Mobile Usage Profile
The bulk of my data usage consisted of email, WeChat/Viber/Message, some Facebook, Twitter, and Reddit, in that order. Once in a blue moon I’d stream a movie on Netflix, but for the most part I wasn’t a data hog. I’d also tether the iPhone on occasion if I found myself working away from home at some location without WiFi service. Never a data hog, more or less an active-but-not-huge-usage user. Combined with the long periods away from the US (just this year I spent more than 6 months in Mexico, Russia, China, and Japan), I never used lots of data.
AT&T was supposed to send me information last week about my usage so that I could pick an alternate plan but I’m still waiting for it. A generous estimate is a maximum of about 10 GB/month.
Comedy of the Absurd and AT&T at the End
I’d already decided to jump to T-Mobile (my wife uses their unlimited data pay-as-you-go plan since we started spending time in the US) when a friend told me that I should contact @ATTCares on Twitter and present my case. Maybe I could work out a deal to keep the unlimited data, pay-as-you-go service or something similar for an equivalent price?
@ATTCares and I spent the best part of several days exchanging public and direct messages, trying to figure out a way for me to stay. In the end they could not deliver. AT&T does not offer unlimited data plans at any price anymore, or anything close. The absurdities began when the AT&T representative told me to check their new plans to find something that would work.
Bottom line: it’d cost me $190/mo to get worse service than what I’d been getting for $80/mo ($50 + taxes and fees) for the last 7 years. I tried to explain it to the AT&T representatives. They first couldn’t understand why I kept asking for them to review, then they stonewalled when they understood.
AT&T was telling me to spend more money for fewer services and adding a pile of crap services that I neither use nor need.

The situation is symptomatic of AT&T. They are too large, too powerful, and too stupid (or are they too clever?) to realize that their woes are self-inflicted. In whose little brain does it make sense to offer a service that’s 3 to 5 times more expensive with fewer features?
This was compounded by a complete lack of communication after they offered to try to work something out. They just stopped the conversation without any resolution. Is it because they don’t want someone to point at their real unlimited data plans (now defunct)? That FTC lawsuit for deceptive practices can’t be a good thing for the company.
My last message to the AT&T representative, when I realized that we wouldn’t get anywhere, was simple: it’s not you, AT&T. It’s me. Tomorrow never came for us.

Conclusions
I did the math and figured that, by purchasing the iPhones without a subsidy and using the pay-as-you-go plan I saved at least $8,000 over 7 years. Buying an “expensive” smartphone and using a pay-as-you-go plan is a much better deal than getting a “cheap” subsidized device.
AT&T could have just told me “we don’t support unlimited data under any plan anymore” and saved us both a few hours of time-wasting Twitter conversations.
Thanks to T-Mobile’s professional approach to handling customers and actual needs I’m now a happy T-Mobile customer. T-Mobile enabled more features than I had with AT&T, for about the same monthly price. @ATTCares not, and in trying to gouge me they went from making $80/mo from me to zero. T-Mobile gained a customer and a cheerleader, with their excellent tech support, and a plan that fits my needs. Pay-as-you-go, combined with a paid, unshackled, unlocked device, makes more economic sense. And T-Mobile is showing customer care that AT&T is not. Keep up the good work, guys!
24 10 / 2014
A Paranoid Guide to Files Privacy After TrueCrypt
The mysterious disappearance of TrueCrypt in May 2014 left many of us wishing for a viable, open source alternative. The TrueCrypt audit of 2013-2014 unveiled minor vulnerabilities, all fixable with ease. Whatever the reasons for the TrueCrypt project to close down, users were left in the lurch: it’s hard to trust any of the commercial volume/folder/file encryption tools if you’re serious about security. TrueCrypt remained the current best alternative, at least until it was made obsolete by advances in operating systems or a better alternative became available. Which of the existing TrueCrypt successors or alternatives would you use?
Update 25.Oct - The University of South Wales lists a number of reasons and related sources about why we should avoid AES encryption in favor of Twofish.
Son of TrueCrypt
TrueCrypt lives on in different incarnations. The ones getting the most attention are TCnext, VeraCrypt, and CipherShed (links to each at the end). I contributed money and paid attention to the results of the TrueCrypt audit, and how they are meant to be addressed. I’ve been a happy TrueCrypt user and advised many a client and friend to use the technology since 2008.
The VeraCrypt project addressed some of those vulnerabilities when it was created over a year ago, while TrueCrypt was still alive and kicking and before the audit. The contributors to VeraCrypt conducted their own analysis and fixed various issues in VeraCrypt. VeraCrypt seems to have enough momentum and it may be around for a while.
My next favorite, at least on paper, is the TCnext project. It’s based in Switzerland. They have active information forums, and they made the TrueCrypt 7.1a code binaries available for use across all supported environments. After 5 months, though, there’s no new code, no repository, and it seems like all the activity takes place in the forums, with nothing new to show yet.
CipherShed… even worse. Lots of good intentions, a Wikipedia page, but neither forum nor coding nor any other activity worth noting. Maybe some day, but not yet.
Keeping Your Private Files Private?
I found myself facing this dilemma a few days ago. TrueCrypt 7.1a won’t work on OS X Yosemite, my workstation OS. After reviewing all the options I mentioned earlier, I figured I’d take VeraCrypt for a spin. My observations:
- VeraCrypt’s performance is on par with the original TrueCrypt (e.g. you may stream video from an encrypted, external volume without issues)
- The UI is 100% identical to TrueCrypt’s, with a different window finish but with the same controls in the expected places

- The most noticeable difference is how long it takes to mount a volume; it takes a long time because VeraCrypt is hardened against brute force attacks to which TrueCrypt may be vulnerable
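The mount delay in the last observation is the price of password stretching: every mount, and every password guess, has to pay for the same key derivation. The sketch below is an added example, not VeraCrypt's or TrueCrypt's code; it assumes the hardening is a higher key-derivation iteration count, and the two iteration counts, the PBKDF2-HMAC-SHA512 stand-in, the passphrase and the candidate count are all illustrative assumptions.

```python
import hashlib
import time

# Assumed iteration counts for illustration; not read from either project.
LOW_ITERATIONS = 1_000
HIGH_ITERATIONS = 500_000


def derive_header_key(password: bytes, salt: bytes, iterations: int) -> bytes:
    """Stretch a password into a 64-byte key with PBKDF2-HMAC-SHA512."""
    return hashlib.pbkdf2_hmac("sha512", password, salt, iterations, dklen=64)


def seconds_per_guess(iterations: int, samples: int = 3) -> float:
    """Best-of-N wall time for one derivation, i.e. one password attempt."""
    salt = bytes(64)  # constructed all-zero salt; real volumes use a random one
    best = float("inf")
    for _ in range(samples):
        start = time.perf_counter()
        derive_header_key(b"constructed-passphrase", salt, iterations)
        best = min(best, time.perf_counter() - start)
    return best


def days_to_try(candidates: int, per_guess: float) -> float:
    """Time to test every candidate password at the measured rate."""
    return candidates * per_guess / 86_400


def compare(candidates: int = 10_000_000) -> dict:
    """Measure both settings on this machine and project the guessing cost."""
    fast = seconds_per_guess(LOW_ITERATIONS)
    slow = seconds_per_guess(HIGH_ITERATIONS, samples=1)
    return {
        "fast_seconds": fast,
        "slow_seconds": slow,
        "slowdown": slow / fast,
        "days_fast": days_to_try(candidates, fast),
        "days_slow": days_to_try(candidates, slow),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value:.4f}")
```

The absolute timings depend on the machine, but the ratio between the two settings is what matters: the legitimate user pays the higher cost once per mount, while a guessing attempt pays it once per candidate password.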
Neither TCnext nor CipherShed offer viable alternatives. At this point VeraCrypt is the only credible contender.
Compatibility with TrueCrypt
If you’re starting with new volumes, go ahead and create your volumes and otherwise begin using VeraCrypt on a regular basis.
VeraCrypt volumes are incompatible with TrueCrypt; that means that volumes created with one may not be accessed from the other. If this is your situation, create a new volume with VeraCrypt and copy the files over.
A Word About Encryption Options
Use less well-known options. Although the defaults (AES encryption and RIPEMD-160 hashing) have no known vulnerabilities, don’t make it any easier for an adversary to crack the contents. My personal recommendations are to use Twofish encryption (at least as strong as AES, though somewhat slower) and Whirlpool hashing, which is cryptographically stronger than RIPEMD-160. Not taking all the defaults will increase the difficulty that an attacker will experience in trying to break into your files.

This doesn’t mean that any of the options in there is unsafe; all offer about the same level of protection (though some combinations of two or more strong algorithms, in the past, have been shown to be more vulnerable than a single encryption pass with a strong algorithm). Keep it simple, but different enough to increase difficulty.
Why You Shouldn’t Use the Built-In Disk Encryption Tools
Microsoft and Apple may or may not have been coerced by the TLAs into building backdoors or other mechanisms to foil file volume encryption. We won’t know because of National Security Letters, gag orders, and worse. Assume that, unless the source code is available for inspection by 3rd-parties, all commercial encryption products are suspect of having built-in vulnerabilities and aren’t good enough for protecting your privacy.
Conclusion
As an end user, the safest option to keep your private files private is using VeraCrypt volumes. For now. The code continues to be updated, the dev team is improving on its functionality and security, and it’s available for current versions of all major end-user operating systems.
References and Links
- VeraCrypt download and discussion
- TCnext web site and forums (the certificate warning you see is because they got a certificate for downloads.truecrypt.ch instead of www.truecrypt.ch but it’s “OK” to go in like this and explore/read about it)
- CipherShed web site
- Twofish encryption
- Whirlpool hashing algorithm and discussion

22 8 / 2014
hello & goodbye
Saving the rarest of penguins from extinction
The Yellow-Eyed Penguin builds a nest in a much different way than most penguins. In a colony you would think the flock is in one big crowded group, but this penguin needs its space and their nests need to be hidden from view. This presents a problem with human development because these birds need a much larger area to live and due to encroaching development they’ve become endangered.
UC Irvine’s William Cooper talks about the Yellow-Eyed Penguin and why local aquariums are great teaching opportunities to promote conservation.
Saving yellow penguins from extinction - #linux mascot, our favorite animal. Via UCSD.
06 8 / 2014
Installing Python textract in a Cross-Platform Docker Container
We’re building a Python application that relies on textract, the powerful content extractor from Word, PowerPoint, Acrobat, HTML, and other dark format documents. The application lives in a Docker container based on phusion/baseimage. These are our target platforms in order of importance:
- Windows / boot2docker
- OS X / boot2docker
- Linux
The textract installation instructions look simple:
apt-get install python-dev libxml2-dev libxslt1-dev antiword poppler-utils
pip install textract
The naïve implementation in a Dockerfile would be:
RUN apt-get install -y python-dev libxml2-dev libxslt1-dev antiword poppler-utils
RUN pip install textract
Problem?
This results in a build error when the textract installer tries to link the native libxml2 libraries to create etree.so:
/usr/bin/ld: cannot find -lz
collect2: error: ld returned 1 exit status
error: command 'x86_64-linux-gnu-gcc' failed with exit status 1
The error occurred because boot2docker creates a 32-bit virtual host with compression libraries that are incompatible with the defaults prescribed for building textract.
Solution!
Just add the 32-bit zlib compression library (lib32z1-dev) to the container’s textract installation steps, then proceed as indicated in the documentation.
RUN apt-get install -y python-dev lib32z1-dev libxml2-dev libxslt1-dev antiword poppler-utils
RUN pip install textract
Validate
Check that the textract command line application and Python libraries are installed by executing these commands in the running Docker container:

Cheers!
25 7 / 2014
Urban Beauty
#urban #art #artsy #graffiti #mural #beauty #sanfrancisco #искусство #красивая #красота #фреска #граффити #санфранциско



