Seems to me this very problem is what operating systems like Qubes were designed to address.
Since you can run the browser in two different environments for different purposes, it is possible that you only have Lastpass accessible when you're visiting trusted websites and you use the browser in the "untrusted" environment which does not have access to Lastpass when you surf random sites.
Then for someone to use this method to get your passwords, they have to hack a website you consider trusted.
Problem solved in a way that allows for the inevitable bugs and flaws in each app.
https://www.qubes-os.org/
When was the last time you checked your httpd file?
If you're using tripwire or another similar tool and it's properly configured, then you should be notified of file changes.
As long as you're paying attention, this doesn't seem like much of an issue.
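The check a Tripwire-style tool performs, as an added example that is not part of the original comment or of Tripwire itself: record a baseline of hash, mode and size for watched files, then report any deviation. The file names and contents are constructed stand-ins in a temporary directory, and all function names are hypothetical.

```python
import hashlib
import os
import stat
import tempfile


def fingerprint(path):
    """Return (sha256 hex, permission bits, size) for one file."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    st = os.stat(path)
    return digest.hexdigest(), stat.S_IMODE(st.st_mode), st.st_size


def snapshot(paths):
    """Record the state of each watched path; a missing file is stored as None."""
    return {p: fingerprint(p) if os.path.isfile(p) else None for p in paths}


def compare(baseline, current):
    """Return a sorted list of (path, finding) for every deviation from baseline."""
    findings = []
    for path, old in baseline.items():
        new = current.get(path)
        if old == new:
            continue
        if new is None:
            findings.append((path, "removed"))
        elif old is None:
            findings.append((path, "added"))
        elif old[0] != new[0]:
            findings.append((path, "content changed"))
        else:
            findings.append((path, "mode changed"))
    return sorted(findings)


def demo():
    """Constructed sample: a stand-in 'httpd' file is replaced after the baseline."""
    with tempfile.TemporaryDirectory() as tmp:
        httpd = os.path.join(tmp, "httpd")  # placeholder file, not a real binary
        conf = os.path.join(tmp, "httpd.conf")
        for path, data in ((httpd, b"original build"), (conf, b"Listen 80\n")):
            with open(path, "wb") as fh:
                fh.write(data)
            os.chmod(path, 0o644)
        watched = [httpd, conf]
        baseline = snapshot(watched)  # in practice kept off-host or read-only
        clean = compare(baseline, snapshot(watched))
        with open(httpd, "wb") as fh:  # same length, different bytes
            fh.write(b"replaced build")
        os.chmod(conf, 0o600)
        after = compare(baseline, snapshot(watched))
        return clean, [(os.path.basename(p), f) for p, f in after]


if __name__ == "__main__":
    print(demo())
```

The replaced file keeps its original length, so a size or timestamp check alone would miss it; the hash comparison is what flags it.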
Oops hit submit when I meant preview....comment continued.
Now isn't this limitation a violation of the LGPL? Or am I reading too much into it?
IANAL but....
The offending section seems to have an even bigger issue in it.
It reads:
B. Certain components of the Apple Software, and third party open source programs included with the Apple Software, have been or may be made available by Apple on its Open Source web site
(http://www.opensource.apple.com/) (collectively the "OpenSourced Components"). You may modify or replace only these OpenSourced Components; provided that: (i) the resultant modified Apple
Software is used, in place of the unmodified Apple Software, on a single Apple-labeled computer; and (ii) you otherwise comply with the terms of this License and any applicable licensing terms
governing use of the OpenSourced Components. Apple is not obligated to provide any updates, maintenance, warranty, technical or other support, or services for the resultant modified Apple
Software.
You expressly acknowledge that if failure or damage to Apple hardware results from modification of the OpenSourced Components of the Apple Software, such failure or damage is excluded from
the terms of the Apple hardware warranty.
---
Now, one of the open source components used in Safari was/is KHTML which is licensed under the GNU LGPL. Now this clause allows you to modify & use the open source components ONLY if you use them on a single system (assuming the apple-labeled part has been fixed as I've heard).
Everyone can witness Micro-Evolution (changes within one species).
No one has witnessed Macro-Evolution (changes from one species to another). We have some reasonable evidence of Macro-Evolution from the fossil record but even that isn't conclusive. Seems like every time we find a missing link, it just creates more missing links to find.
Actually there is no single theory called the Theory of Evolution. Darwin proposed 5 theories that work together.
Thanks for playing.
Yeah, "your wife's" addiction. Right...........
The presence of Truecrypt on the base system will reveal the possibility that this is done. Any competent investigator will look. Especially when the partition sizes in use don't add up to the total size of the drive.
Better to have a "clean" system to give them when they present the warrant. Only evidence left on the system is the BIOS boot order which is hardly evidence of anything.
Encrypting your hard drive is a good step for most users but not for criminals or someone with anything to hide from the government.
With an encrypted hard drive, the government will simply jail you until you give them the keys to decrypt the drive. Same problem for using GPG or PGP to encrypt files. They can generally afford to wait longer than you can.
To protect yourself, you need to use some subterfuge. If I had something significant to hide, I would run a normal install on the installed hard drive (probably as it came from the vendor) which I would use for non-secret surfing, etc. Then I would use a USB hard drive with an encrypted fully installed OS (like this howto) on it for anything secret. When I needed to do secret stuff, I'd plug in the USB key, reboot, do what I needed to, then reboot to the "clean" OS when I was done. Then hide the USB key.
With a little luck, if/when you get arrested they won't find the USB key. If they do, then you're back at the original problem but at least you can decide whether to give them the password or remain in jail for contempt.
While Herbivore sounds interesting, don't forget to mention its limitations as well.
In the Herbivore documentation, you will find this PDF: Eluding Carnivores: File Sharing with Strong Anonymity
From which we learn that: The system consists of approximately 27,000 lines of Java and C code, 2,000 of which comprise the GUI for anonymous filesharing and a helper application for k-anonymous chat while the rest form the core system. (Section 5: Performance)
So Herbivore provides anonymity for filesharing and chat. That is all it can do in its current implementation.
On the other hand, Tor works with any IP based protocol and can be integrated into the applications that a user currently uses.
The second weakness of Herbivore is that it is not ready for distribution yet. The only code available is if you request to be part of the initial rollout by non-anonymous email. Herbivore Download Page
Tor is not only available for download, it is in current use.
The third weakness of Herbivore is that it requires that a client application be run on the user's system. If your system is ever confiscated and examined by the authorities, this can be judged to be evidence of potential wrongdoing resulting in further examination (if you don't believe this is possible, just read: PGP Ruled as Relevant For Criminal Case). A secondary weakness of the client is that it will limit the operating systems that Herbivore will run on to those systems that support Java and that Herbivore has been developed for (I2P has the same problem).
On the other hand, Tor can be used by simply configuring the user's application to use a known Tor entry point as a proxy server. This configuration can be removed when the user is done, leaving little or no tracks. In this way, Tor can be used by any system that supports TCP/IP and SSL.
And the fourth and last weakness I will mention is that since Herbivore has not been released yet, it has not undergone extensive peer review and testing. On the other hand, the reason we are aware of Tor's weaknesses is because it has been released, tested and peer reviewed. As we've learned from many cryptographic systems, you should not trust them until this peer review is complete and any/all weaknesses are known (which is why Tor has the disclaimer that it should not be fully trusted yet).
While Herbivore may provide strong anonymity, in no way is it a replacement for a general anonymity tool like Tor. On the other hand the more tools we have, the better. So I look forward to testing Herbivore when it becomes available.
Well I use Linux so I don't have MS Office but I extract the text from MS Word documents using Antiword or Catdoc and then read them in Vim.
Antiword: http://www.winfield.demon.nl/
Catdoc: http://www.45.free.net/~vitus/software/catdoc/
Add this to your .vimrc to make it automagic:
" Tag Word documents before they are read (the value takes no quotes)
autocmd BufReadPre *.doc set filetype=msword
" Replace the buffer contents with antiword's plain-text output
autocmd BufReadPost *.doc silent %!antiword "%"
autocmd FileType msword call s:MyMSWordSettings()
function! s:MyMSWordSettings()
  set readonly
  set hlsearch!
endfunction
For RTF documents, check out UnRTF: http://www.gnu.org/software/unrtf/unrtf.html
The first thing I would do is build a self-contained Debian install, then you can add any tools from the Debian repositories with a simple apt-get.
For examples of how to install and configure everything check out the Howtos and Automated Installer at Feraga.com.
Why use an external application when you can use DM-Crypt and LUKS that are already built into the kernel?
For anyone that wants to experiment with Debian, DM-Crypt and Luks, check out the howtos and/or the USB installer at http://feraga.com./
I've been running lately from a USB Flash Drive (1GB) with everything but /boot encrypted for over a year and haven't had an issue. I'm sure it's a little slower but don't notice it much.
This also allows you to leave a full installation with no private or incriminating data on the hard drive so if they ask to see the laptop......just let them.
The flaw in this design is that it does nothing to protect smaller parties from the bigger.
It is unlikely that small parties will have enough representatives to be at ALL polling places. So in the polling places where they are underrepresented the two large parties (democrats & republicans) can take turns contesting their ballots. Effectively keeping it a two horse race.
It's better than a sealed electronic box counting but not perfect.
I've been running Linux from an encrypted USB stick for a while (as discussed on http://feraga.com/node/30 ) and it works fast enough for everyday use. Just make sure you buy a real USB-2.0 Stick.
Or a full version of Debian with encrypted partitions.
Check out: http://feraga.com/node/30
Debian has had AMD64 support for a long time in Sid and in Etch as testing.
This is only news because when Etch moves to stable it will be the first Debian release with official support for it. Nothing new here just the normal process.
I'm running AMD64 SID with gcc 4.1.2 here.
Everything is stable and works well.
I once worked for a small computer OEM that specialized in Linux boxes. For every new system we sent out, we put a sticker directly over the power button that said "The root password is Password" so the new user had to remove the sticker to power the system on.
For about 1 in 10 systems, we still got a call "What's the root password?"
Look into the Autofold script.
It only supports a few languages so far but it's fairly easy to extend and the developer will work with you.
Direct link: http://www.vim.org/scripts/script.php?script_id=9
And if you review the portable OpenSSH changelog you will see that patches have been submitted by IBM, Sun, and Redhat to just mention a few. So according to the donated code logic they're in the clear now right?
Or maybe this was always about dollars to Theo and so it's fair to look at how many dollars OpenBSD passes on.......any?
Once again.........pot? kettle?
And others have contributed code back to OpenSSH.
As Theo said, this is about dollars.
I have one question from Mr. de Raadt. Since OpenBSD does not exist in a vacuum and since it does use parts of other projects (Like GCC from GNU), how much does OpenBSD give to those projects that it uses?
Or does OpenBSD feel entitled to take those things without payment because it's giving away what it produces? Kinda like the Linux and other BSD distros are doing with OpenSSH?
Pot? Kettle?
Oh and check out http://distortedview.com./
It's audio pornography and hilarious.