February 12, 2013
iPad Business Content Creation Apps
These are reliable, usable, powerful and pro-offline.
iThoughtsHD +
- Use Case: mind mapping
- Key Features: zoomable mind maps with photos
- Folders: yes (nested maps with hyperlinks)
- Export: photo, pdf (email, app)
- iOS URL: inbound (mm://Maps/mymap), outbound
- Development: active
Magical Pad + @
- Use Cases: brainstorming, visual project planning
- Key Features: mind mapping, outlining, drag & drop
- Folders: yes (multiple notebooks, each with workspaces)
- Export: pdf, opml (email, GDrive, Evernote, Dropbox)
- iOR URL: no
- Development: active
- Tip: collapse/expand outlines to change project focus
Notebooks +
- Use Cases: offline note taking, full text search
- Key Features: text, markdown, html, images, audio, video
- Folders: yes (multilevel nesting)
- Export: text, pdf (WiFi web server, WebDav, Dropbox)
- iOS URL: inbound (notebooks://), outbound
- Development: active
inShort +
- Use Cases: process modelling, project planning
- Key Features: critical path, PERT, Gantt
- Folders: yes (nested diagrams)
- Export: pdf, opml (email)
- iOS URL: inbound (object-level addressing), outbound
- Development: active
- Tip: uniquely powerful capabilities justify learning curve.
TouchDraw + @
- Use Cases: flowchart, architecture, block diagrams
- Key Features: visio import/export
- Folders: yes
- Export: pdf, svg, visio, image (email, itunes, apps)
- iOS URL: no
- Development: active
Corkulous Pro + @
- Use Case: vision board
- Key Features: image scrapbook, sticky notes, checkboxes
- Folders: yes (nested boards)
- Export: photo album, iTunes file sharing (pdf, image, native)
- Development: maintenance (OS compatibility updates)
- Tip: screen capture boards as photos, rotate in slide show with aspirational images to motivate action on complex projects.
February 09, 2013
iOS Email Encryption with Linux GPG (OpenPGP) Keys
iPGMail keys can be generated on the iPad (2048 bit max) or imported via iTunes (4096 bit max). SecuMail keys must be generated off-device and imported via a key server, email or Dropbox.
Key generation tutorial for Windows Thunderbird, Gpg4Win.
Linux instructions follow.
Configure GPG
Edit ~/.gnupg/gnupg.conf to append:
personal-digest-preferences SHA512 cert-digest-algo SHA512 default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP UncompressedDisable the GPG gui agent which caches passphrases, by commenting out the use-agent line (prefix it with #), then issue:
sudo killall -9 gpg-agent
Generate Master Key & Encrypting Subkey
gpg --gen-key (1) RSA & RSA Length 4096 No Expiry
Generate Signing Subkey
gpg --edit-key [key ID] gpg> addkey (4) RSA (sign only) Length 4096 No Expiry pub 4096R/AAAAAAAA created: 2013-02-09 expires: never usage: SC sub 4096R/BBBBBBBB created: 2013-02-09 expires: never usage: E sub 4096R/CCCCCCC created: 2013-02-09 expires: never usage: S gpg> showpref Cipher: AES256, AES192, AES, CAST5, 3DES Digest: SHA512, SHA384, SHA256, SHA224, SHA1 Compression: ZLIB, BZIP2, ZIP, Uncompressed Features: MDC, Keyserver no-modify gpg> quit Save changes? (y/N) y
Backup Keys (store securely!)
gpg --export [key ID] > /mnt/secure/publickey.gpg gpg --export-secret-keys > /mnt/secure/secretkeys.gpg gpg --export-secret-subkeys > /mnt/secure/secretsubkeys.gpg gpg --armor --gen-revoke [key ID] > /mnt/secure/revoke.asc
Remove Private Master Key
gpg --delete-secret-keys [key ID]
gpg --import /mnt/secure/publickey.gpg
gpg --import /mnt/secure/secretsubkeys.gpg
gpg --list-secret-keys
sec# 4096R/AAAAAAAA 2013-02-09
uid John Doe <john@doe.com>
ssb 4096R/BBBBBBBB 2013-02-09
ssb 4096R/CCCCCCC 2013-02-09
Export keys for (secure!) transfer to iPad
gpg --export --armor [key ID] > /mnt/secure/public.asc gpg --export-secret-keys --armor > /mnt/secure/private.asc gpg --export-secret-subkeys --armor > /mnt/secure/subkey.ascNotes:
- iPGMail (as of v1.44) and SecuMail (as of 2.4) do not support private subkeys unless the master key is also present, which defeats one purpose of subkeys (keeping the master key offline).
- SecuMail can encrypt local files (e.g. PDF, docs, images) from most iPad apps, since it implements the "Open In.." menu for use by other apps. It also supports Dropbox.
- iPGMail can encrypt cloud-resident files, e.g. Dropbox/iCloud, or local files transferred to the ipgmail app via iTunes file sharing.
References:
- iPGMail $2 app | manual
- SecuMail: $50 app | manual
- GPG Howto
- Apache OpenPGP Howto
- Convert GPG keys to subkeys
- Using multiple subkeys in GPG
- gpg subkeys, revisited
- GnuPG Hacks
- The internals of an OpenPGP key
- S/MIME Encrypted Email on iOS 5
- Cross-Platform Encryption with GPG
Linux Disk Encryption
(notes to self)
Step 1: Wipe disk by filling with random data. Options ordered by decreasing security and decreasing time:
Option (a): Fill disk with data from urandom. About 15 Mb/sec per IVB CPU core. E.g. for two core machine, where NNNN = (partition size) / 2:
dd if=/dev/urandom of=/dev/mydiskpart bs=1M count=NNNN & dd if=/dev/urandom of=/dev/mydiskpart bs=1M seek=NNNN count=NNNN &
Option (b): Fill disk with output of OpenSSL PRNG. About 40 Mb/sec.
head -c 1K < /dev/random > ~/.rnd while true; do openssl rand $((2**31-1)); done | dd of=/dev/mydiskpart bs=4M pkill -USR1 dd
Option (c): Encrypt disk, initialize with /dev/zero, then discard key. About 80 Mb/sec.
swapoff -a cryptsetup --verify-passphrase luksFormat /dev/mydiskpart --cipher serpent-xts-essiv:sha256 -h sha512 --use-random -key-size 512 --iter-time=5000 cryptsetup luksOpen /dev/mydiskpart mydiskmap dd if=/dev/zero of=/dev/mapper/mydiskmap bs=1M dmsetup remove /dev/mapper/mydiskmap dd if=/dev/urandom of=/dev/mydiskpart bs=512 count=2056
Step 2: Encrypt disk
swapoff -a cryptsetup --verify-passphrase luksFormat /dev/mydiskpart --cipher serpent-xts-essiv:sha256 -h sha512 --use-random -key-size 512 --iter-time=5000 cryptsetup luksOpen /dev/mydiskpart mydiskmap mkfs.ext4 -m1 /dev/mapper/mydiskmap mount /dev/mapper/mydiskmap /mnt/mydiskmnt
References:
- Resetting passphrases for mapped LUKS volumes
- Introducing overlayroot -- overlayfs + dmcrypt
- Quickly fill a disk with random bits (without /dev/urandom)
- Secure Erase: data security you already own
- SSD Secure Erase with proper ATA command
- Serpent algorithm
- Serpent: A Candidate Block Cipher for the Advanced Encryption Standard
- How to choose an AES encryption mode
- aes-xts-plain vs aes-xts-essiv
Posted by dotpeople at 04:23 AM
iPad eBook Reader Apps
- Format: PDF (retains zoom on page turn), Video, Image
- Folders: Yes
- Sync: WebDAV, FTP, SFTP, SMB, AFP, Dropbox, SkyDrive, Google Drive, SugarSync,
- Import: HTTP
- Navigation: Fast
- Development: Very Active
- Format: ePub
- Folders: No (but integrates with iBookShelf)
- Import: HTTP
- Navigation: Fast, plus speed-reading features (timing, auto-scroll, auto-highlight)
- Development: Active
- Format: ePub, PDF (does not retain zoom on page turn)
- Folders: Yes
- Import: HTTP
- Navigation: Slow
- Development: Active
- Format: ePub, PDF (does not retain zoom on page turn)
- Folders: Yes
- Import: OPDS, HTTP, Calibre Server
- Navigation: Fast
- Development: Maintenance only (OS compatibility updates)
- Format: ePub, PDF, Text, RTF, Word, PPT, Daisy
- Folders: Yes
- Import: HTTP, Dropbox, Instapaper (paid sub), Pocket, Clipboard, Open-In
- Output: Text-to-Speech
- Development: Active