Domain: sourceforge.net
Stories and comments across the archive that link to sourceforge.net.
Comments · 31,462
-
Re:Stores passwords in plain text
Similarly, the argument of having passwords coresident with in-use data sounds a lot like... hmmm... oh, yes: the /etc/passwd file twenty years ago. And now unix uses a shadow file.
Sorry, as a computer security expert (but admittedly not a cryptologist), I ain't buyin' any of these arguments.
- Look at the power of a metapassword (master key) for taking a simple, generic, trusted symmetric encryption algorithm (twofish, for example), plus data needing encryption, plus a master key, and generating considerably more hardness than Gaim's planned design. And you'll note that no argument against 1 is given!!!
- Security by obscurity is not by itself adequate, but it can be a valid component of a security plan: an algorithmically generated OTP or other machine-unique password CAN be used to 'keep honest people honest'. Weak encryption plus obscurity plus permissions would be better than just relying on permissions.
- Limited access to the file should be ONE SMALL PIECE of a larger security plan. But it is insufficient. It presumes the Gaim user is also the system admin. Sys admins for academic systems or other large-organization unix installations are NOT infallibly honest, and telling people that 'if you don't know who has access to your password file, you've got other problems' presumes that all systems look like the developer's home system (where (s)he is sys-admin and owner). I understand that is the predominant case now, but it ain't the only case and it is lazy to presume all other use cases are invalid. Further (and more frighteningly, in many ways), OS/User file permissions do nothing to protect a user from a trojan or spyware that grabs and exploits/forwards a keyfile. This one worries me more because I can readily envision a trojan designed to use an insecure Gaim password file as a propagation vector. Get in via whatever means, steal that user's keys, use that knowledge to spread. Given most users' password reuse, GAIM itself doesn't even need to be the application used for spreading: the vector can just use this cache of passwords for suggestions of the user's OTHER passwords (local system, domain/network, email, ISP account, etc). Damn it, we're supposed to be smarter than this!
- default: don't store passwords. The only secure mechanism offered, and an unmitigated pain in the ass. It is the equivalent of admitting defeat or incompetence.
Lastly, "don't stay logged into AIM" needs no response. That's like telling people to unplug their phone between uses: Abso-frickin-lutely ludicrous... a straw man in dire need of some lighter fluid and a match.
The correct mechanism is to get the passwords the fsck OUT of a working file into a file used for that ONE purpose so it can be better-managed both on-disk and in-memory, build a master key mechanism as the linked article mentioned in part 1, and allow that as a nearly-secure alternative to option 4. Given that 4 and 1 share the keylogger-plus-trojan-forwarder vulnerability, I'm leaning toward saying they're equally secure. But it's late and implementation details matter a lot on security designs like this. I could be wrong.
A last comment: I *LOVE* GAIM. I USE IT CONSTANTLY. And this issue notwithstanding, I have deep respect for GAIM and other open-source developers. I'm sorry that I come across as pretty hard on the developers here (let me just apologize right now for callin' y'all lazy. I know you're NOT). But I'm not alone in my enthusiasm for GAIM. NO way. There must be people dependent enough on GAIM that know crypto well enough to help the developers through the development and rough 'proving' out of a better algorithm than this set of excuses. All they'd have to do is sugar-coat the call-for-help.
-
Re:Trained Professionals
If you don't want somebody else to see it, never type it.
I'm guessing that you imply this by "type", but I'd mention IM by name in that as well, since most IM traffic is unencrypted. I set up a computer system a few years ago that was connected to an ethernet port of a core switch. I turned on traffic monitoring on the switch and the port got a copy of all traffic through the switch forwarded to it. I set up the computer to log all ICQ and AIM conversations to a SQL database, just with some Perl scripts and monitoring network packets. Message, user, time, IP, everything. It was ridiculously simple to implement and I think I used AIM Sniff at the time, though I'm not completely sure. My motivation for it at the time was to demonstrate that IM was insecure.
Want to justify the need for mandatory IM encryption or even IM blocking? Demo one of these for your boss. Or perhaps you just want some gossip/blackmail material. Especially in an IM happy organization where users can install IM clients at will. Very illuminating.
-
The lua language
I just discovered Lua and I got my PiL today. It's a fantastic language! It executes faster than perl, php, python and ruby. It is a lot smaller, around 200kb, which is less than 1/10 of a minimal php installation, and it has a reasonable Licence (MIT).
The main drawback is the lack of good standard libraries, and the build system (for lua 5.1) doesn't support DSOs on linux. Debian has some patches that use libtool to build it.
There is an interesting project named haserl that will allow you to embed lua in html pages.
First Edition of the book is available online
-
Not X's fault... The font hinting VM is patented.
See http://freetype.sourceforge.net/patents.html
Apple has several patents covering the bytecode interpreter for executing the hinting programs included in most truetype fonts. The freetype library has support for this patented tech, but it is disabled by default in many Linux distributions for obvious legal reasons.
It would be possible to invent a new hinting system, but such a system would be incompatible with existing fonts.
Thus the patent system has made sure that it is impossible for someone without a large patent portfolio (for mutually insured destruction style protection) to have rendering of TTF equal to that of Windows and MacOS.
It's quite possible to recompile freetype with the patented software enabled and many people do... However, if you do so you'll probably run into a number of other bugs (pango rendering, etc) because most of the rest of your system is not well tested against freetype with the full hinter vm enabled.
BTW- Freetype 2 includes a built in auto-hinting which is really impressive tech.. Most people will agree that it's often almost as good as hand hinting, and some (myself included) find it preferable to the hinting in many of the fonts and thus consider the patent issue fairly moot. -
It is an excellent book
I don't have any association with the author or the other creators of the language, so perhaps my opinion will add some legitimate support for the book and the language. I developed my previous project (Ribosome Builder) with Lua and found it to be very stable, easy-to-use, small, fast and powerful. That said, I was eagerly looking forward to the release of this next edition of the book, because I'm using Lua again for my current projects, and hope to make even better use of Lua 5.1. I'm especially excited about the new support for modules, and also the fact that Lua is now supported by SWIG. Previously, I had to do a lot of manual hacking to define the interface functions between my core code (in C++) and the lua scripts.
I've read about 3/4 of the book so far and I completely agree with the reviewer's assessment. It's very cleanly and clearly written, with many things explained in a concise and elegant style. For example, Ierusalimschy's explanation of closures allowed me to immediately grasp them and appreciate why they are useful. I remember reading about them way back years ago in Larry Wall's book 'Programming Perl', and remained rather confused about the concept. I don't know if the additional years of experience helped, but the clear style of the Lua book certainly did.
Using a scripting language for enhancing and extending a complex project just seems to be a given for most serious projects these days, and after surveying the field, I considered only two main choices: Python and Lua. Python is also really well designed and powerful, but I decided to go with Lua because it does pretty much everything I need it to do, does it very well, but best of all, it is so very small. These days when even the most basic projects can quickly grow into complex, interconnected monstrosities with a zillion dependencies, I believe that the values of small and simple are more important than ever. So for that reason especially, I'm really excited about Lua and the prospect for using it more effectively after I finish swallowing this Blue PIL.
mhack
-
Re:Beta 4
The bug report is here. I don't know if the developers of the Win32 port of GTK+ are aware of the issue, but the Gaim developers certainly are. Unfortunately it seems to be a difficult to pin down issue, and it might be as simple as using a different Win32 GTK+ build. I would try it right now while getting something to eat, but I'm in Linux land getting some things working.
:) -
Re:DVD and merchandising sales
Maybe you have more luck at the Free Film Project. OTOH, that project doesn't look very alive (the latest news apparently is from April 1, 2004).
-
Re:One mediocre programmer could do this right
I tell you, I'm not much of a programmer, but I am convinced that, given a year, I could design and program effective voting software with: 1) A paper trail sufficient to be used for a manual recount. 2) Reasonable measures to ensure 1 voter 1 vote. 3) A barcode crypto scheme to tie #1 and #2 together so that every database record can, if required, be verified against every paper record. 4) A completely open and peer-reviewed code base.
You don't have to, it's already been done. -
Re:Are you kidding me?
There's only a very few examples where Game #2 was considered one of the best in the series:
You forgot Ur-Quan Masters (Star Control 2).
-
Re:Auto away
You may have run into the bug: Never Idle
I found that this problem was fixed in Beta4. When I installed Gaim 2.0.0, I would never go idle. I had everything configured to set me Idle, but I wouldn't go idle.
The difference between "Windows Usage" and "Gaim Usage" is that Gaim usage is only the time that you spend in gaim, sending and receiving messages. Windows usage means that if you're typing in Microsoft Word, then Gaim will not set you idle while you're actively using the computer. -
Re:Beta 4
The 2nd half of http://sourceforge.net/tracker/index.php?func=detail&aid=1413999&group_id=235&atid=100235 seems to be the bug he's talking about. -
Let's not jump the gun
GAIM 2.0 is not actually out yet. This is only a beta, and as someone who has been waiting for over a year for the software to be released, I don't expect it to show up anytime soon. In fact, it's reminding me of Vista's development. Very little information, and feature scale-backs. The merging of the Gaim-vv code into 2.0 was canceled, the results of the Google Summer of Code 2005 were released right around the time the Summer of Code 2006 was ending.
The longest thread on the project's forum page is still a thread asking about the delays even though it was closed at the end of August. And it has its share of jerks, but it really illustrates what a Debian-like release cycle this has been. -
Re:Stores passwords in plain text
Are passwords encrypted in the later versions of the beta?
No they're not, and no they're not likely to be.
The GAIM team explain the reasons behind this on the website and they seem like good reasons to me. -
Re:Weird crash?
Does anyone else have a problem where Gaim 1 and Beta 2 crash while trying to connect to MSN?
I've not been able to find anyone who can replicate this.
Nope, they definitely didn't have a news article about this problem on the GAIM site.
Oh wait, yes they did. -
Doing it on a budget.
I helped a guy out with this sort of thing once before, and this is what we came up with:
Two boxes.
The first machine was set up with Debian and Shorewall. All the other machines lived behind it.
The second machine was also set up with Debian, and with some rsync silliness, we got all of the lab machines re-imaging themselves every night.
It was a bit of a hassle to get running at first (we had to wipe every machine and install linux on it) and there is the drawback that the windows partition was living on FAT32 (unless NTFS write support has become significantly better, this might still be an issue). We also had to use Smart Boot Manager as it had the nice feature of being able to schedule boots. At midnight, every machine in the building would reboot into linux, rsync their windows partition against the master server, and then reboot to windows in the morning.
There were some good things to this, though:
1) Everything was done out of band, so even when windows would normally complain or make things difficult (some system files, as I recall), it was totally out of our way.
2) You could push a new image to the rsync server and within 24 hours all of your machines would be patched.
3) No matter what crap they installed or littered on the machines, it was gone the next morning.
4) Rsync is smart enough to do deltas and only push across the files that have changed, so it was reasonably bandwidth friendly.
5) When a machine crapped out (due to software, anyhow), you could walk up to it, reboot it, perform the magic keyboard voodoo, boot into linux and reimage it.
I'm sure there are fancier ways of doing this, but it's the sort of thing where you can potentially scrape together the basics in a few days, and with the exception of the two machines, it's only the cost of labor.
-transiit -
Re:Fedora 6 patches to KDE are buggy, unpolished
The modified version of KDE that ships in Fedora 6 is really buggy and unpolished. There's been talk for two years about placing KDE in Fedora Extras so that it will be better supported by the dedicated KDE community, but Redhat seems to keep refusing the help and treating KDE apps as second-class citizens.
If you don't like the FC-packaged KDE, or you want very up-to-date releases, check out the kde-redhat project. It's been around for years, and it does a good job of making FC a KDE-friendly distro. You have to add another repository (in addition to Fedora Extras and Livna), but those are common. If/when KDE becomes part of Fedora (word is that FC7 is the time), the kde-redhat admin (Rex Dieter) has said he will take an active role in that project.
[...] other changes (like using a 4-year old window decoration and widget styles) are at best the result of ineptitude or at worst a deliberate attempt to make KDE look bad and outdated.
I guess this doesn't bother me. I take about 5-10 minutes to make a series of changes to any default, be they KDE or FC, to end up with a setup that's substantially different. -
Re:SCT + gparted = crazy delicious
Too bad I don't have any mod points today, great advice on the gparted.
Gparted is excellent now, and I have used the live cd many times. It will resize ntfs w/o defragmenting first, which is my primary use for it. It also has a nice non-intimidating gui. -
Re:Someone convince me...
I see that you've gotten a few answers already, so I'll only post mine where they differ. (In other words, my complaints. I'm generally happy with OS X, though - enough so that I ordered a new MacBook Pro when I saw the announcement this morning.)
3) How stable is it. Macs are traditionally easy to use, but as I've owned dozens of Macs (and used to sell them too) I can attest that they were not the most stable machines out there (up until the first OSX spin). But browsing the knowledge bases and user forums (the BEST place for info) I see lots of issues.
Pretty good. If your hardware is working, the kernel will be solid.
Finder will be pretty unresponsive if a network drive has stalled - pretty normal for a Unix system, since non-blocking IO is unfortunately not supported on regular files. (The only system I've seen get around this is KDE with its ioslave design.) You can force quit it and it'll come back.
Some stuff takes up annoying amounts of CPU time. Safari will suck down all my CPU (and thus battery life) when on some pages, presumably because of a Flash or JavaScript interaction. Mail + Spotlight really get lost in some massive "Public Folders" hierarchies on my employer's Exchange server. I really wish they had a way of honoring IMAP subscriptions or telling it not to locally cache certain paths. You'll want to run with MenuMeters always visible so you can spot this before discovering that your battery is dead only an hour into the flight.
4) How much Free software is available? Can GNU/Open/Free programs be compiled easily and natively? I'd think because it's more consistent than the hundreds of Linux distros, this would be true...
Fairly easily. The compiler and linker arguments around dynamic libraries are a little weird, but the fink package system (like *BSD's ports) will generally patch things for you, and libtool-based stuff won't have a problem. I basically just type fink install foo and whatever I want shows up.
5) How solid is the workmanship. Hey, I get mocked at work because of my Dell, but it was cheap and it's fast. That's usually all I need. My Thinkpad is better built, but the $600 price difference was not worth it. What makes the Mac worth the extra $1K?
I don't think their laptops are really any better-constructed than the next guy's. I find all laptops to be pretty fragile - I've had way more problems with them than with desktops. I'm not normally an extended warranty guy, but I'd recommend it on any laptop. AppleCare is quite nice. You can also buy it at any time up to the last day the normal one-year warranty expires.
7) How does the two-finger trackpad stack up against real buttons? I.e., it's software to emulate two physical buttons. I've not used it before. Any drawbacks?
I didn't know about this feature, but on a later PowerBook, I used the two-finger scrolling. It works wonderfully.
-
Yes. It worked in FC5 and it still works now.
The ipw2100/ipw2200 driver is in the kernel package.
The firmware is freely available from http://ipw2200.sourceforge.net/ or the livna repo.
HTH HAND kthxbye. -
Re:Not for workstations
No, I agree "command-completion" is great and wonderful. But if you don't remember what the directory starts with then it can't help you (sometimes you just have to see it to remember)... again this is a somewhat contrived but valid case.
I'm not a windows person (for most things) and I too have installed unixutils and couldn't imagine working without them.
The adobe example is probably the worst example of a GUI not doing it better. First, explorer makes all of the PDFs have a "pdf" icon and by just clicking on them it would launch Adobe Acrobat reader. Second, that would require you to remember the command for running Adobe... in the explorer GUI you just click, that's it. Don't get me wrong, I prefer the command line for many a task but at the rate you're going it sounds like you prefer it for *everything*. Let's see you play a first person shooter with the command line, or how about graphic editing? It's a *great* tool, but it isn't for everything no matter how much you want it to be. And that was my original point, use it when it makes sense or just use the right tool for the job. Sorry if I sounded condescending back at you... -
SCT + gparted = crazy delicious
The Shared Computer Toolkit is fairly easy to use. If you don't have Partition Magic, GParted (Gnome Partition Editor) works great, is freely available, and I've used it to setup shared machines with no problems. ( http://gparted.sourceforge.net/ )
-
Re:Someone convince me...
1) FreeBSD is under the hood with most common base system utilities pre-configured from Apple at time of shipment. You can install Fink or Darwinports to get an apt-get repository of OSX-binary distributions of many open source packages as well.
2) Java is much better on the new Dual Core machines than it was on PPC mac. Can't comment on how fast it is in comparison to non-macs, though.
3) In general, Tiger is quite stable and things work as advertised, for the most part. It's the first OSX release since 10.0 that actually feels mature/complete, IMHO.
4) A huge amount of open source software will compile on these machines/on this platform. Not as much as is available for most Linux distros, but unless you have very specific/unusual needs, chances are whatever utils you are using at the command line have OSX ports available. Check this out: http://fink.sourceforge.net/
5) Meh. MacBook Pros seem a little fragile/too expensive to drop. If you are a rough user of your laptops it's not the best choice, but Mac laptops prior to the MBP do tend to last several years as long as they aren't abused. (in general)
6) The MacBook Pros that are Core Duo (haven't tried the Core 2 Duo) feel extremely snappy and responsive in the UI, especially compared to Tiger running on PPC which is dog-slow without a gig of RAM. Tiger (Universal Binary version) seems to be a more optimized port than the PPC version was. I was really impressed, mind you, with how fast the Parallels Desktop software (see http://www.parallels.com/) runs Windows XP on these machines. Windows actually feels fast enough to be fooled into thinking it's the primary boot-up operating system, it doesn't feel virtualized at all. Not sure if this is to the credit of Apple, Parallels, Intel, or Microsoft, but the virtualization of multiple OS's on these new dual processor Intel-based Macs is a nice reason to look at buying them. Our accountant where I worked has always been forced to use this old Win3.1 app to send her payroll to the company that manages our pay, and so we had to use Parallels running XP on her new Mac for it, and it works like a charm!
7) It takes a little getting used to, but it works very well once your fingers are accustomed to it. Not sure how easy it is on your hands long-term. I've always found trackpads a little annoying in general, but I can't even hold a PS2 controller without feeling aches and pains in my hands.
Note, these are all just my own general observations, and YMMV. -
Re:What's the alternative?
Instead of pirating, go with open source games
http://osswin.sourceforge.net/games.html
http://loll.sourceforge.net/linux/links/Games/index.html
That way you won't have the need for not only $ony-Bony, but also Micro$haft and Pretendo. Micro$haft and Pretendo are just as evil as $ony-Bony, they too are against importers. Just take a look at all of the consoles by all three console manufacturers, they have blocked imports in some way or another without a mod. With the money saved from not purchasing the games, you can use the money to support the Open-Source movement. By supporting the Open Source movement, more people will know about Open Source and begin moving over to it, leaving the closed $ource developers in the cold where they belong. -
Re:Someone convince me...
You have owned "dozens" of Macs and you think you need Linux installed to make it useful?
You used to own "lots of Macs" and don't know about Fink?
And as a presumably long time Mac user you don't know you have a more complete POSIX system in OSX than cygwin provides in Windows?
And as an owner of "lots of Macs" you don't know the performance of Java when it was PPC?
wtf -
I'd like to take a moment to thank...
Phil Zimmermann.
...All /. readers owe it to themselves to become familiar with US vs. Zimmermann.
--
Slashcode bug # 497457 - unfixed since December 2001 - Go look it up! -
exactly!
I don't think NCSA mosaic was touted using such crap marketspeak - it was just so good the potential was obvious (I remember first using it and thinking "this is the next big thing".) It didn't need lots of "paradigm shifting" type reviews.
Furthermore, I don't think this will ever take off until an Open Source server is available. There must be a free market to develop on the platform. If we didn't learn anything from the Amiga/Macintosh vs IBM PC story then we should've learned this. Closed platforms widespread use do not make. No company in their right mind would dedicate all their E-Commerce hosting to ONE provider with no alternative choice.
Ever since I saw VRML back in the mid nineties I thought this was where everything was going to head eventually - given the right video cards. I still think it will eventually. The thing is, we need a good general 3d peer to peer hosted open source platform to build the next web. If you want to have a full 3d world of your own it could be hosted on your own system. IPv6 will make this even easier.
There are already several open source projects trying to accomplish this, the Interverse project being one of them (btw, this avatar chick is hot.) As well as the VRML stuff from the mid-nineties.
BTW, I'm not affiliated with the Interverse project, I just think it's cool. Anyone know anything else similar? -
Re:right! Forget the metaverse...
It's dead.
Here are a couple that aren't:
http://interreality.org/
http://croquetproject.org/
http://metaverse.sourceforge.net/ -
Re:Can we get the FUD tag now?
More MS FUD about being open
What? Do you even know what FUD is? Fear Uncertainty and Doubt. It's usually meant to mean the kind of news Microsoft might release saying "OMG Linux is insecure!!!~" or SCO saying "WTF Linux newbs must pay money or we'll sue!!!". Microsoft trying to show some interest in open standards certainly does not qualify as FUD, especially since this isn't the first open stuff they've done.
- (no smoke without fire)
- Not to be the boy who cried wolf
- count the brass tacks
I think we have a finalist for the category 'Most Useless Cliches in a Slashdot Post'. Congratulations, however I've never heard of actually counting the brass tacks (though it appears I'm not alone) :) - (no smoke without fire)
-
Re:Free Speech?
If you have sox (a standard sound app often found on GNU/Linux systems), make a pink noise generator with:
sox -t sl - -t ossdsp /dev/dsp synth 7:00:00 pinknoise < /dev/zero
Replace "7:00:00" with how long you want it to run in hh:mm:ss format. I run this to help me sleep at night, then use "at" to turn on the music player as an alarm clock ("xmms -p").
-
How to convert a song from Freeplay to Non-DRM
#1 Download Audacity or some other F/OSS audio program that allows you to capture and edit sounds from your sound card.
#2 Buy MP3 Freeplay Songs from Apple iTunes for your iPod or to play on iTunes.
#3 Open up Audacity, select your sound card output as the source, check the volume. Get the record button ready on a new audio file. Hit the record button in Audacity and hit the play button on iTunes, when the iTunes program is finished playing the song, stop the recording and cut out the silence between the song playing and "Export" to MP3 or OGG or whatever format you wish to export to. (Might need the LAME library to make a MP3)
#4 You now have an MP3 or OGG file without any DRM, quality may vary. Play it on your Non-Freeplay, Linux, OS/2, BeOS, whatever system or music player.
If the RIAA and Apple throw a hissy fit about this, reference the MPAA versus BetaMax case and the RIAA versus Cassette recorders case, and see how TiVO brought about digital rights to make recordings of TV shows, movies, songs, etc as long as you paid for access to them first or got them off a free broadcast.
Remember as long as you own the rights to listen to a song, you have a right to a backup. This method does not remove DRM, nor does it crack it, in fact it does not even modify the original SafePlay file, all it does is make a standard audio file recording of the audio file you have the rights to listen to anyway. The downside is that it takes a long while to convert your collection over that way, but the upside is that it is not costly to do so. -
Re:That goddamn PNG bug
pngcrush -rem gAMA infile.png outfile.png
I don't know what GUI apps let you save PNG without gamma information as I've always used pngcrush myself.
-
Re:Not every switcher falls in love
Added to that is the relative lack of quality freeware and open source apps and utilities (compared to Windows or Linux platforms).
Seriously? What open source app or utility doesn't run on OS X?
He said freeware and open source, but off the top of my head (including freeware):
Foobar2000
Exact Audio Copy
VirtualDub
DVDShrink
Quicktime Alternative
Media Player Classic
7-zip
Quickpar
Nvu
Irfanview
Picasa 2
Paint.net
FileZilla -
It is not a pain if you have FUSE
No. You should read up on a nifty module (included in the mainline kernel) called FUSE. It lets you mount various devices/files as private file systems.
The most incredibly useful application of this is sshfs, which basically lets you mount a remote machine as a filesystem without being root (as long as the FUSE kernel module is loaded). This has caused a huge productivity increase for me.
There is also an encrypted file system that runs under FUSE:
http://arg0.net/users/vgough/encfs
So, you basically can have a big encrypted file lying around which you mount as a file system when you need it. The keys are encrypted in a separate control file, so there are no unencrypted keys lying around. You need both the pass phrase and the encrypted key file to mount the big file as an FS.
Encrypted filesystems require your boot partition have the encryption keys unencrypted so that they can be read, which sort of mitigates the whole point.
-
Re:eCryptfs
How does this compare to dm-crypt and LUKS?
dm-crypt is a block device encryption tool. eCryptfs is an actual cryptographic filesystem. Files can sit side-by-side in the same directory and be encrypted with entirely independent sets of keys. Incremental backup utilities can access the encrypted versions of the files. eCryptfs is an order of magnitude more complex and flexible than block device encryption tools.
it seems like reinventing the wheel.
Read the paper:
http://ecryptfs.sourceforge.net/ecryptfs.pdf -
eCryptfs
A new addition to the 2.6.19 Linux kernel, eCryptfs, addresses many of these problems:
http://ecryptfs.sf.net/
eCryptfs is an actual filesystem operating at the VFS layer of the Linux kernel. It stacks on top of other filesystems like ext3 and encrypts files one at a time, with each file getting its own key.
Who cares about encrypting libc or the x.org libraries? People want to encrypt their financial, medical, and other such data. eCryptfs makes it easy to encrypt only what users want to encrypt.
Some ways that eCryptfs deals with the issues raised:
What happens when the user forgets his/her new FDE password?
The best answer is, "You're screwed." That is the way it should be; without the secret, nobody -- not even you -- can get to the data.
Now, out here in reality, things can't be quite that convenient. Try telling the CEO that his third-quarter reports are lost forever. The next-best thing is intelligent key escrow. I tend to recommend (m,n)-threshold sharing, wherein a certain number of people in a group need to collude (say, 3 out of 5 people in the company) in order to reconstruct the secret value.
eCryptfs userspace tools have a pluggable key management infrastructure, and thus it can keep the secret value in any token device for which a module exists. These hardware devices do not need to be expensive. In fact, Thinkpads come with TPM chips built-in, and a TPM key module already exists for eCryptfs:
http://trousers.sourceforge.net/tpm_keyring2/quick start.html
> How to manage the encryption key backup files? Who has possession of the backups of the encryption keys? What about when the user quits and does not hand over the password / encryption keys?
All of these are addressed with something like (m,n)-threshold sharing:
http://en.wikipedia.org/wiki/Secret_sharing
Also, because eCryptfs encrypts on a per-file basis, an incremental backup utility can just access the encrypted files on the lower filesystem. All of the information needed to decrypt the files is right in the header of each file; all you need is the key.
Who can access the system and its encrypted files?
This is a semantic security problem that the tools should definitely address. eCryptfs, in its current form, provides fairly flexible key management options, but the design goals of eCryptfs are much more ambitious, and they seek to address these sorts of issues:
http://ecryptfs.sourceforge.net/ecryptfs.pdf
How frequently does the password need to be changed?
Ideally, one would use eCryptfs in public key mode, so that is largely a non-issue. The secret can remain locked in a TPM chip, and the key can be escrowed.
How to prevent the user from writing the passwords down?
There is nothing wrong with writing passwords down, as long as the paper on which the passwords are written is stored in a location that can be made at least as secure as is necessary to protect the data that the passwords are protecting. In any event, the secret value can depend on a password *and* something else, like a file. The OpenSSL key module can be used in that way.
> Using hardware tokens (RSA Token, smartcard etc.) can alleviate many of the password management issues. But these hardware tokens are costly!
Not really; many laptops shipped today have TPM chips built-in.
Oh, yeah, and all of eCryptfs -- both the kernel and userspace components -- are GPL. Give it a try. -
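The comment above recommends (m,n)-threshold sharing for key escrow and, further down, deriving the secret from a password *and* a file. The block below is an added illustration of both ideas and is not eCryptfs code or any eCryptfs key module: it derives a secret from a password plus a key file with PBKDF2 (assumed parameters, not eCryptfs's), then splits it with Shamir's scheme over a prime field so that any 3 of 5 shares reconstruct it and fewer reveal nothing. All inputs are constructed for the demonstration.

```python
import hashlib
import secrets

# Mersenne prime 2^521 - 1: a field large enough to hold a 256-bit secret
# with plenty of headroom (assumed choice, not taken from any eCryptfs module).
PRIME = (1 << 521) - 1


def derive_secret(password: bytes, keyfile: bytes, iterations: int = 200_000) -> bytes:
    """Secret that depends on a password *and* a file: PBKDF2 over the password,
    salted with the file's digest. Losing either input makes the secret
    unrecoverable. Iteration count is an assumed value for the example."""
    salt = hashlib.sha256(keyfile).digest()
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)


def _eval_poly(coeffs, x):
    """Horner evaluation; coeffs ordered from highest degree to the constant term."""
    acc = 0
    for c in coeffs:
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: bytes, m: int, n: int):
    """Shamir split: n shares (x, y) of which any m reconstruct the secret.
    The secret is the constant term of a random polynomial of degree m-1."""
    if not 1 < m <= n:
        raise ValueError("need 1 < m <= n")
    s = int.from_bytes(secret, "big")
    if s >= PRIME:
        raise ValueError("secret too large for the field")
    coeffs = [secrets.randbelow(PRIME) for _ in range(m - 1)] + [s]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_int(shares):
    """Lagrange interpolation at x = 0 using exactly the shares given.
    With fewer than m shares the result is a uniformly random field element."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def recover_secret(shares, m: int, length: int) -> bytes:
    """Reconstruct the secret from at least m shares, as fixed-width bytes."""
    if len(shares) < m:
        raise ValueError(f"need at least {m} shares, got {len(shares)}")
    return recover_int(shares[:m]).to_bytes(length, "big")


def demo():
    # Constructed inputs: a passphrase and a stand-in for a key file.
    password = b"correct horse battery staple"
    keyfile = bytes(range(64))
    secret = derive_secret(password, keyfile)
    shares = split_secret(secret, 3, 5)          # 3-of-5 escrow across five people
    return secret, shares


if __name__ == "__main__":
    secret, shares = demo()
    # Any three officers together rebuild the secret; two cannot.
    print(recover_secret([shares[0], shares[2], shares[4]], 3, 32) == secret)
    print(recover_int(shares[:2]) == int.from_bytes(secret, "big"))
```

Each share holder keeps one `(x, y)` pair; the reconstruction needs only the pairs, not the original polynomial, and the arithmetic is over a field so two shares leak nothing about the constant term. The shares themselves still need to be stored as carefully as the key they escrow.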
Have you only ever used Java?
Have you only ever used Java?
I find that when somebody advocates the use of Java, it's because Java is basically the only language they know. They're not aware of how easy data structures are to create and manipulate in languages like Common Lisp, Haskell, OCaml, SML, Python, Ruby, and Smalltalk.
Take the Smalltalk collection classes. They're a work of art, and put the Java Collections classes to shame. The homepage of the Jaggregate project, which offers Smalltalk-inspired collection classes for Java, shows very well just how fucked up the JCF is. -
Re:a step above any Linux distro ?
Then you should have gotten apt for the Mac! Fink uses apt for its package management, and it can either compile directly from source or download binaries of the packages that you want. But I'm confused as to what you are trying to upgrade. If you're using the pre-packaged daemons, then yeah, it's probably a pain to upgrade. But it's open source software; nothing is stopping you from disabling those and using Fink to get a different version.
-
Re:Mac OS X vs. Ubuntu
Run Fink and you should be good as far as package management. If you want gnome-terminal, run gnome-terminal. OS X has support for X Window, so I don't understand why that's a problem. LaTeX is great on OS X. I use Textmate as my editor and it edits LaTeX better than any non-OS X editor I've ever used.
-
Re:a step above any Linux distro ?
So why not use Enlightenment instead of KDE or GNOME?
It's slim, uncluttered AND pretty. -
Re:If Java 1.4 works for you....
1.5 added more than just generics, and the bytecode format really is not compatible, so there really isn't much they can do about it.
Use retroweaver to get 1.5 features and annotations in 1.4 code -- http://retroweaver.sourceforge.net/
> There's no reason Java should require 500MB, but that's the size of my Java directory
You have something pretty funny going on there. My jdk1.6 install is 178 megs. I didn't download the separate docs tho, which do add loads and loads of space. Most of the JDK comes with source anyway, and eclipse pulls javadoc right out of source, so I saw little need for it.
Not that 178 megs is small, but I think as long as the full JDK weighs in under 200 megs, it's doing all right.
Now glassfish (the JEE5 reference platform) is monstrous, but it was intended to be the kitchen sink from the start. -
Re:Sounds like Mac OS X 3 years ago.
I wonder how well xrdp works?
http://xrdp.sourceforge.net/ -
Re:It really baffles me.
That's why Virtual Dimension is your friend. It works a hell of a lot better than Microsoft's PowerToy; though there are a few minor bugs, at least you get unlimited virtual desktops. I recommend version 0.93 as I've had problems with 0.94.
-
Re:Firefox
Or hv3. It's got CSS compliance that passes Acid2, 90% frame support, and no Javascript or Flash support. The only negatives are it's a little alpha-y (background tabs block the whole UI, etc.) and there's no HTTPS support. It's rather lightweight, however, and actively developed. I use it on my Thinkpad 233MHz no trouble.
I'll use elinks for GMail and my bank website because it handles HTTPS. Using plain links for regular web browsing pales in comparison. Even w3m or dillo do better than that. And, if I'm not mistaken, Lynx is only used at libraries without funding, at universities with a documentation/knowledge base system built around it, and for users with disabilities. Well, I guess you can script with it...