smashedbug.com, tech music and geek news

There has been a lot of news recently of upcoming operating system releases — particular Microsoft Windows Vista and user interface changes.

Way back in the pre-Macintosh era for Apple and the DOS era for PC’s, there largely was no definition for a standard user interface. Learning new applications required a significant time simply understanding key mappings, location of similar functionality and so forth. Even simple things like printing required learning new dialogs and configurations.

The Macintosh defined a very consistent UI. Items such as drop down menus, icons, common keyboard shortcuts, windows, etc were commonplace among many applications. As a result, learning a new application did not necessarily equate to learning a new interface but simply the added functionality the new software provided.

In part, many of the design decisions were due to hardware restrictions. Limited sized icons, limited number of widgets and so forth resulted in smaller memory footprint and less user interface processing requirements.

Starting about 6-7 years ago, a divergence from this consistency occured. With Mac OS X, Apple elected to break with rigorious consistency and applications started utilizing various widgets.  For example, some applications utilized a brushed steel look while others used an Aqua look.

With the upcoming Windows Vista release, it appears that Microsoft is attempting to perhaps downplay consistency and develop interfaces around individual applications.

Base functionality within the operating system renders their windows differently. Some have window titles, others do not. Some have help buttons, some do not .. others might have a help button located in a different location. Icons and buttons are different in shape and appearance. Things like menu bars might be available while other applications might do away with menu bars in favor of “ribbons”, shortcut bars, interface clutter and so forth. To top it all off, the colors and layout of the Windows can vary considerably.

Is interface consistency irrelevant? Should interfaces be designed on the whim of the software development team without consideration of the user interfaces of other applications? Does developing rich graphical  system-inconsistent interfaces enhance usability of the system?

It will be interesting. Some people noted that web pages are largely inconsistent and it hasn’t impedded usability — but is this truly accurate? I don’t think so. First, a given user will view webpages in one or perhaps two browsers. The browser provides a consisent interface for navigation, printing, bookmarks and so forth. In addition, well designed sites take into consideration accessibility. Text to speech synthesis, screen resolution, visually impaired visitors, etc. There are still many sites that are simply unusable for a large percentage of users.

It will be interesting to see how this works out. I’m personally under the impression that a single, well defined user interface with as much standardization as possible is a good thing. Standardized dialogs, standardized keyboard shortcuts, standardized menu layouts, etc provide an interface that minimizes the learning curve and allows many development teams to provide input that ultimately can enhance ALL applications utilizing that interface.

Compiz is an OpenGL compositing manager for X-Windows (The base graphical interface for Unix/Linux). The system gives Linux and BSD users the ability to have a 3D accelerated desktop interface. While the concept is nothing new (Mac OS X has Quartz and Windows Vista has Aero), some of the capabilities seem rather new and innovative to me. In particular, the ability to have multiple virtual desktops and spin between them (the 3D cube), have real-time updated selectors, transparencies, unbound 3D elements and more.

A video demo is available showing off the features of the system. Note: There is no sound.

Email communication continues to become more and more critical for personal and business communication. Unfortunately forged emails are a reality for many — let it be the various “phishing” emails that claim to be from your bank, ebay or other sources or an email generated from malware that forges the sender with your name and email address and attempts to construct an email that *seems* legit. These emails can be very difficult to determine the legitimacy of the content.

A solution is OpenPGP. Dating back over 15 years to 1991, PGP is a public-key encryption technology.

Public-key cryptography has two parts: a private key and a public key. The private key is bound to a particular identity (ie: an individual user). From the private key a public key is derived and distributed (generally through a centralized key server). The public-key allows one-way encryption as well as validation of documents signed by the private key. As a result, people can encrypt items (files, emails, documents) with the public-key, but only the private-key holder can unencrypt the file.

So what does this have to do with anything? One feature of OpenPGP is the ability for a person to sign a document, such as an email, with their private key. This results in a small file attachment that when processed along with the original email and the public key, can ultimately validate that the email was signed with the private key.

How does it all work?

OpenPGP tools are available for virtually all operating systems and most email clients have built-in or add-on support. To demonstrate, I’ll outline the basic steps when setting up the keys and writing an email in KDE using KGPG and KMail.

1. First, open KGPG (Utilities->PIM->KGPG). If it is the first time it will walk you through creating a private key. If the wizard does not appear, click on Keys -> Generate Key Pair. This requires your name and email address. You can also provide a comment, expiration date and increased key size (read: more secure key) if desired. Once done, click Ok. It will ask for a passphrase (to verify only legimate people can use the private key!)
2. Once your key is created, open up KMail and go to Settings -> Configure KMail -> Identities. Select your identity and click Modify. Under Cryptography, click “Change” to select your signing and encryption keys (these should be the same). Click OK to close and exit the settings window.
3. You can now compose an email. When you want to sign, simply select Options -> Sign Message. If you want to always sign emails, in the KMail Settings dialog, select Security -> Composing -> Automatically sign messages.
4. When done, click send. It will prompt for your passphrase (as you don’t want ANYONE signing your emails!).

Thats it! Your now able to sign your emails to validate it came from you.

If the person receiving the email does not have a OpenPGP aware email client, they will simply see a small attachment on your email. However, if they have an OpenPGP aware email client, it will note that you signed the email but it does not have the ability to verify (due to the fact the person does not have your public key).

So how to do this? It is quite simple. In KGPG, right click on your key and select “Export Public Keys” and click the “Default Key Server” radio button. Click OK and the public key will be placed on the key server for others to download. When your signed message arrives, the recipient will have your unique key ID and can easily import your public key throug hthe OpenPGP interface in their email client.

For the astute readers, the question ends up being: How do you know that someone is not forging the key? By default, public keys imported into your keyring are considered untrusted. You can sign the key (in KGPG, right click on a public key and select “Sign Key”) and it will prompt with the unique fingerprint. This can then be verified with the private key holder (either via phone, through another secure channel, etc..) to rule out the possibility of a rogue key.

To expand, it is possible to use the public key to encrypt the entire message, file or document for a given recipient. As a result, it provides the ability to transmit that information over an insecure channel without significant concern of interception (this is different than a signed email which only verifies the email came from a given person and was not tampered with). In addition, revokation keys, increased key size, various crytography algorithms and key expiration dates increase the security for higher security applications.

OpenPGP is a very powerful tool. With systems such as KDE with the KGPG and KMail integration, access to this powerful tool is easily within the grasp of most computer users.