Wanted: Most secure unencrypted email solution

Dear lazy web,

Thanks to the global surveillance disclosures, I am searching for a secure email solution. Using end-to-end encryption seems to be the only secure solution to keep the email content private, but it does not protect your email header. End-to-end encryption has the big drawback that the communication partner has to use it, which is rarely the case. I want to communicate as secure as possible even with people that do not use end-to-end encryption. What is the most secure unencrypted email solution?

Should I rent a (virtual) server in my country (Germany) and run my own email server on it? Do you know any reliable, inexpensive server host for such use case?

Code name for Ubuntu 18.04 LTS

Every Ubuntu release gets an alliterative code name from Mark Shuttleworth. It is a composition of an adjective and an animal. The upcoming Ubuntu 13.04 has the code name “Raring Ringtail”. Since nearly the beginning, the code names follow the alphabetical order. We will reach the letter Z with Ubuntu 17.04 if no letters are skipped. Will we wrap then and begin with A again?

At UDS-R in Copenhagen, Mark Shuttleworth jokingly said between Jono Bacon’s introduction and Mark’s keynote speech, that vegetables will be used once we run out of letters. He proposed the code name for Ubuntu 18.04 LTS: Brilliant Broccoli!

Unreliable SSDs

Today my system froze and failed to reboot. I plugged in an Ubuntu live USB stick and booted from it. Then I discovered the problem that my Intel SSD 320 broke. The output of hdparm is attached to the end of the blog post. You can see that the device size is reduced to 8 MB from 120 GB and the serial number is called BAD_CTX 00000159. The firmware of the SSD was up-to-date and the last firmware update should have fixed the 8 MB bug.

The Intel SSD 320 is my second SSD. My first SSD was a Super Talent Ultradrive GX 64GB, which died after around fifteen month of heavy use. It left a big bunch of my data corruption behind. SSDs seems to be very unreliable. Both SSDs died, but I cant remember that one of my HDDs died.

$ sudo hdparm -I /dev/sda

/dev/sda:

ATA device, with non-removable media
Model Number: INTEL SSDSA2CW120G3
Serial Number: BAD_CTX 00000159
Firmware Revision: 4PC10362
Transport: Serial, ATA8-AST, SATA 1.0a, SATA II Extensions, SATA Rev 2.5, SATA Rev 2.6
Standards:
Used: unknown (minor revision code 0x0029)
Supported: 8 7 6 5
Likely used: 8
Configuration:
Logical max current
cylinders 16383 16
heads 16 16
sectors/track 63 63
--
CHS current addressable sectors: 16128
LBA user addressable sectors: 16384
LBA48 user addressable sectors: 16384
Logical Sector size: 512 bytes
Physical Sector size: 512 bytes
device size with M = 1024*1024: 8 MBytes
device size with M = 1000*1000: 8 MBytes
cache/buffer size = unknown
Nominal Media Rotation Rate: Solid State Device
Capabilities:
LBA, IORDY(can be disabled)
Standby timer values: spec'd by Standard, no device specific minimum
R/W multiple sector transfer: Max = 16 Current = 16
DMA: mdma0 mdma1 mdma2 udma0 udma1 udma2 udma3 udma4 udma5 *udma6
Cycle time: min=120ns recommended=120ns
PIO: pio0 pio1 pio2 pio3 pio4
Cycle time: no flow control=120ns IORDY flow control=120ns
Commands/features:
Enabled Supported:
Security Mode feature set
* Power Management feature set
* Write cache
* Look-ahead
* Host Protected Area feature set
* WRITE_BUFFER command
* READ_BUFFER command
* NOP cmd
* DOWNLOAD_MICROCODE
SET_MAX security extension
* 48-bit Address feature set
* Device Configuration Overlay feature set
* Mandatory FLUSH_CACHE
* FLUSH_CACHE_EXT
* General Purpose Logging feature set
* WRITE_{DMA|MULTIPLE}_FUA_EXT
* 64-bit World wide name
* IDLE_IMMEDIATE with UNLOAD
* WRITE_UNCORRECTABLE_EXT command
* {READ,WRITE}_DMA_EXT_GPL commands
* Segmented DOWNLOAD_MICROCODE
* Gen1 signaling speed (1.5Gb/s)
* Gen2 signaling speed (3.0Gb/s)
* Phy event counters
* Software settings preservation
* SMART Command Transport (SCT) feature set
* SCT LBA Segment Access (AC2)
* SCT Error Recovery Control (AC3)
* SCT Features Control (AC4)
* SCT Data Tables (AC5)
* Data Set Management TRIM supported (limit 8 blocks)
* Deterministic read ZEROs after TRIM
Security:
Master password revision code = 65534
supported
not enabled
not locked
frozen
not expired: security count
supported: enhanced erase
2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
Logical Unit WWN Device Identifier: 500151795951d4b9
NAA : 5
IEEE OUI : 001517
Unique ID : 95951d4b9
Checksum: correct

System cleanup

Tonight was system cleanup day. Baobob showed me where are the gigabytes hide. The home directory got rid of huge, old VCS checkouts of various projects. Then it was time to look at the system directories. I cleaned my apt cache

sudo apt-get clean

and the cache from pbuilder. Then I found something that lead to this blog post: /var/log consumed 3.8 GB. The biggest files were

1.8 GB /var/log/kern.log
1.8 GB /var/log/syslog
4.3 MB /var/log/dpkg.log
1.4 MB /var/log/kern.log.1

Hardware review I

This month I built two systems with identical hardware component (except for the case). Here’s the list of components:

Cases often don’t meet my high requirements. Many cases are sharp-edged, bad designed (inside and outside), use cheep plastic, and/or vibrate, because the hard drives confer their vibration to the case. The Sugo SG02-F case is not perfect, but I will recommend it. The Silentium T11 case has no shard edges, but I won’t recommend it. Too much plastic and optical not appealing.

You probably have to replace the boxed CPU heat sink and use a better power supply if you want a silent system.

How well do these components work with Ubuntu 10.10 (and probably other recent GNU/Linux distributions)? Perfectly. Everything that I tested worked:

  • The USB 2.0 and USB 3.0 ports work with everything plugged in (mouse, keyboard, flash drives).
  • Audio works (only stereo output tested; 5.1 sound was available in Pulseaudio)
  • 2D and 3D graphics work with the free (libre) radeon driver (Compiz runs)
  • LAN works