Slashdot Mirror


User: jdbear

jdbear's activity in the archive.

Stories: 0
Comments: 93

Comments · 93

  1. Re:Independence from Kernel Internals? on TrueCrypt 5.0 Released, Now Encrypts Entire Drive · · Score: 1

    By saying that he has FIVE disks that are entirely encrypted, he gave you a clue that they were not all bootable disks. Why would one worry about putting an MBR on a non-bootable disk? If there's no MBR on the disk, why would one worry about whether it is encrypted or not?

    Why is everyone so hung up on encrypting a boot record, anyway? The purpose of encrypting these disks is that one cannot take a disk away and gain access to the data. If someone had physical access to a system, where they could alter the system then put it back in place for the unsuspecting owner to use again, the encryption system used is not the problem. Given that level of intrusion, passwords and even biometric measures are likely to fail to protect the data. I'm not sure a secure token would be enough for that dedicated a hacker.

    For less drastic protection, allowing the boot disk to load up the encryption algorithm and present a challenge and password should be sufficient. It would be very easy to configure a USB key to be the boot device for a system, and have the boot sequence mount the kernel from an encrypted disk. No MBR on the root disk at all, so the entire disk could be encrypted.

  2. Re:Slashdotted on TrueCrypt 5.0 Released, Now Encrypts Entire Drive · · Score: 1

    You asked "Why is this a problem?" I did not pose it as a problem, merely shared my experience for information. If you think what I do is irrelevant, ignore it. I read opinions and anecdotes related by others all the time, and sometimes even find many of them interesting.

    On your other points, yes, it is possible that an admin could disguise a key-logger on my company laptop to steal my truecrypt password, and therefore gain access to that data. It is a violation of our corporate security policy, but it could be done. I don't expect them to go to that length to spy on me, however.

    I keep a TC volume on my corp laptop because I occasionally want to access non-corporate, privately owned files without having to carry a second laptop with me. My company allows "limited private use" of corp computer equipment, email, and Internet access, so there should be no hand-slapping involved. I want to keep my private files private, because they are no one else's business but mine.

    In the event that I have a malfunction on the computer, or I get to upgrade, or I decide to leave the company, or any of a dozen reasons that I lose physical control of the laptop, the TC volume will ensure that my files stay private. I'm not being paranoid, nor is there anything shocking or illegal in the private space that I would have to worry about, but it's still a better policy to keep the files locked away.

    There are things in the TC volume that I find funny, or interesting, that my fellow employees may not. Off-color jokes, or cartoons, downloaded discussions of non-work-related political causes, my tax information or IRA contributions, etc. It's just best to have these things kept private, even from my fellow employees. The PointSec encryption on the laptop as a whole does this for the majority of situations, the TC volume takes care of the rest.

    If someone were to truly dedicate themselves to finding out my every last secret, I'm sure they could do it. They could install a key-logger on my system, a camera in the ceiling tiles above my desk, put bugs in the furnishings around me, use TEMPEST techniques to capture the output of my monitor, etc. If they want to know that badly, all they would have to do is ask (they might have to say please, and give me a decent reason they want to know.) I'm not THAT secretive, and what I am hiding is not that important.

    Still, it's fun to use an encryption system to lock away my "naughty secrets." When it comes time to turn in the laptop, all I have to do is to erase the private.tc file from my home directory, and know that the data is gone. Even an unerase utility will not retrieve the files. It's possible that fragments of the files were swapped out to disk by the Windows swap utility, but like I said, there's nothing there THAT damaging that I'm worried about it.

  3. Re:Independence from Kernel Internals? on TrueCrypt 5.0 Released, Now Encrypts Entire Drive · · Score: 1

    Yep, that would work.

  4. Re:I have found TrueCrypt to be 100% reliable. on TrueCrypt 5.0 Released, Now Encrypts Entire Drive · · Score: 1

    Yeah, I've been using Truecrypt for about three years, too. Never had a problem with it. I did lose one password, but that's my fault, not TC's. It wasn't a big deal, since it was a "travel disk" anyway. I just reformatted and set it up with a new password, then reloaded my data. Always keep a backup. :-)

  5. Re:Risky? on TrueCrypt 5.0 Released, Now Encrypts Entire Drive · · Score: 1

    I've thought about dual booting, but never did. I've got a big system, with one boot disk for Winders, and one for Linux. My /home file system is on a RAID mirror, and I have an external media disk, where I store my audio and movies and such. Five drives in total, and chronically running short on space. I'll be upgrading my media disks again soon, most likely to an external RAID. All that to say, if I'm spreading out file systems to this extent, why boot two OSes from one disk? What would be the point?

  6. Re:Independence from Kernel Internals? on TrueCrypt 5.0 Released, Now Encrypts Entire Drive · · Score: 1

    so far

  7. Re:Slashdotted on TrueCrypt 5.0 Released, Now Encrypts Entire Drive · · Score: 1

    One of the advantages of Truecrypt is the ability to encrypt external drives. I have several drives that I use to transport media (audio, movies, ebooks, etc.) when I travel. If one gets stolen, it will appear to be empty, or corrupted. If it gets confiscated by the copyright police, it will appear to be random data. Using TC, I can mount these drives on my Linux box at home, my Windows box at work, or connect it to my wife's Mac to transfer files. All I need is the portable version of TC on a USB key, and I'm golden.

  8. Re:The final excuse. on TrueCrypt 5.0 Released, Now Encrypts Entire Drive · · Score: 1

    Um, perform encrypted backups? Or is that too much?

    Personally, I rsync a diff of my files over ssh to another computer and store the results in a compressed archive on an encrypted drive. I have multiple copies of my files in case of failure, all transport was encrypted, and all files remain encrypted on all media.

  9. Re:The final excuse. on TrueCrypt 5.0 Released, Now Encrypts Entire Drive · · Score: 1

    Oddly, I've never noticed any difference. I guess I'm just not as fast as you?

  10. Re:Independence from Kernel Internals? on TrueCrypt 5.0 Released, Now Encrypts Entire Drive · · Score: 1

    The term that is used on the Truecrypt website is "System Encryption" and it works by loading an encryption program into the boot block of the boot disk. The MBR will call the boot block, which then prompts for a password. The password is used to attempt to decrypt the rest of the boot partition. If it fails, there is no boot, and the only data that is unencrypted on the disk is the boot program itself. The rest of the disk looks like random data. If that's not "whole disk" encryption because the MBR is not itself encrypted, then what is the advantage of encrypting the MBR?

  11. Re:Slashdotted on TrueCrypt 5.0 Released, Now Encrypts Entire Drive · · Score: 1

    While I've read through your list of problems and agree that most of them would keep it from being deployed by Government, I've got to ask, "who gives a shit?" Do I care if the Government is using the product I use to keep myself safe from them? No, I don't.

    Also, while support from external authentication devices would be nice, there is support for keyfiles as well as passwords, so technically this is a two-factor authentication system. Since the system will not boot at all with System Encryption enabled without the password entered, Automatic update for user password changes (for when a NEW USER is given access to the system) is meaningless. When the user changes the encryption password on the system, it's changed. No automatic update needed. It's true that if the current user leaves without providing the password he is using, the hard drive is inaccessible, and therefore useless to anyone else, but isn't that the point?

    My company uses PointSec for WDE for our systems. It seems to work well, and yet I understand that nothing I put on the system is private. My PC admin has the ability to log in at any point and rifle through my files. If someone in our home office decides to reset my password through Active Directory, there's nothing I can do about it. I'll be locked out and not able to even view my files or get a chance to delete any private data I may have on the machine. I use a TC volume to keep my private files private. The hard drive is encrypted, so if the laptop is stolen, no one can yank the drive and steal corp data, but on the other hand, if someone wants to see what I've got in the box, all they'll find is an encrypted file. The TC is for ME, not for my Government or my employer.

  12. Re:Slashdotted on TrueCrypt 5.0 Released, Now Encrypts Entire Drive · · Score: 1

    If you KNOW that you are using a hidden volume, then you know that writing data to the outer volume (the false front, so to speak) requires a bit of special care. Don't use the outer volume as a real place for often changing data. It's a smoke-screen, a place to put stuff so the cops ^H^H^H^H interested other parties will not be able to prove you have anything else to hide. "See officer ^H^H^H^H^H^H^H interested other party, all I was hiding in my encrypted volume was my taxes and pictures of Britney Spears!"

  13. Re:It is almost completely natural phenomena on Billions Face Risks From Climate Change · · Score: 1

    It's funny that we keep hearing about "consensus." When other scientists make a discovery or a breakthrough, they gather their data, and get it peer reviewed for accuracy. If the peers cannot find fault with the process, the scientific conclusion is accepted as a working theory (scientific theory, which means that it's pretty much a proven fact, not public opinion theory, which means it's open to debate.)

    With this debate, no one seems to have enough data to form a scientific conclusion, so everyone is talking about the scientists coming to a consensus. This means that, while they do not have enough evidence to solidly prove anything, they all believe they have the correct answer, given the data that they have reviewed. Not a slam dunk, by any means.

    The evidence shows we are experiencing a warming trend. Thirty years ago, we were in a cooling trend. We know that man is producing a large amount of CO2. We know that CO2 is a greenhouse gas. We know that the sun is in a warm cycle (1600 year trend.) We know that temperatures are at 100 year highs (that's all we know, since we only started recording the temperature a little over 100 years ago.) Previous records were set in the 1930s.

    Odds are we will experience some serious droughts, and see some sea level rise. It might even cause some massive problems for people who already live in horrible places (Sahara Desert, anyone?) Increased CO2 means increased crop production, which means more food, if we can get water to the crops. Some low-lying cities might be at risk for periodic flooding. If we have a massive die-off, we will produce less CO2, in which case the humans can no longer be blamed for the increase in temperature. Either way, the effects will not be catastrophic in my lifetime.

    I'm teaching my kids to swim, and fish. I might buy a boat. On the other hand, it's now cool to talk about reducing oil usage (something I've been doing for years,) and increasing solar and wind power generation. I like that. Perhaps WaterWorld is not such a bad place.

  14. Live on a boat on Billions Face Risks From Climate Change · · Score: 1

    Don't have to worry about your land flooding, and you can get food by dropping a fishing line over the side.

  15. Re:These aren't the big issues at all on Is Ubuntu a Serious Desktop Contender? · · Score: 1

    Your file server's been running XP for three whole weeks? Without crashing? Call the newspapers! Seriously, all joking aside, many Unix installations run for many months at a time without a restart, and without issue. Stable is relative, it seems.

    Still, that having been said, I believe that if you restart XP on a regular basis (daily,) it should be stable for at least a year, possibly as much as two before it needs to be scrapped and completely re-installed.

  16. Re:ummm... on Is Ubuntu a Serious Desktop Contender? · · Score: 1

    When my wife's Windows box failed for the third time in a year (no virii or spyware found, just ground to a halt and started crashing) I decided to install Linux on it instead of re-installing Windows again. My wife was concerned. Although she'd seen me using Linux for my main desktop for the last four years, she didn't have any confidence that it could do the things she was used to doing (surfing the web, reading email, etc.)

    I installed Ubuntu. She uses Firefox and Evolution, and Open Office for word documents and spreadsheets. To date, there isn't anything that she's come to me and said she can't do. It's been just over a year. She's forgotten she's using Linux, and just uses her "computer" now.

    By the way, we also have been happy Tivo users for about five years. It Just Works.

  17. Re:Ubuntu is my desktop on Is Ubuntu a Serious Desktop Contender? · · Score: 1

    Thank you Walt-sjc. That was a much better reply than I was going to offer. For El-Lobo, understand that I have been working in computers since 1985. I began my career in the IT industry by installing a Novell network for the company I worked for, and writing an integrated inventory module into the corporate accounting package the company used. Before I did that (and after, for a couple of years) I repaired microfilm cameras and film processors, so I was a hands-on technician.

    Since that time, I've installed, configured, maintained and repaired such a huge number of computers I would not be able to give you a decent count. Yes, there is no magic, I agree with that statement. There are, however, problems with every operating system out there. I've worked on Apple OS, VMS, Wang, Novell, MS-DOS, DR-DOS, OS-9, Windows 1.0, 2.0, 3.0, 3.1, 95, 98, ME, XP, 2000, and 2003, Xenix, Unix (system V), Solaris, AIX, HP-UX, Linux, and BSD. I believe I know a thing or two about operator privilege and permissions. I also know what clear text configuration files look like.

    The Windows registry is fine as a machine readable configuration database. It's quick to access and fairly accurate. If you know what you're doing, it can be easy to manipulate with simple tools (regedit.exe.) It is NOT user or admin friendly, however. The fact that some companies seem to be able to write registry entries that are meaningful and user readable is fine for them, but as a whole, the registry encourages cryptic entries. This fits in very well with the purposes of malware and spyware companies, who want their entries hard to find and read.

    The idea that I can run all of my programs (on windows) in limited user mode and avoid trouble altogether is also bullshit. Quite a few of the programs that are normally run require so many privileges elevated that it is by far easier to just run in Admin mode. My work computer, which I don't administer, is not set up with me running as Administrator. In fact, the Administrator account is disabled, and administration rights belong to the PC administrator in my office. He's the only one who has unfettered access to the system.

    There are, however, several small spyware or malware apps that have managed to become installed on the system. I find them and kill them, but I know that next time I look, there will likely be something hidden in there somewhere. Is this magic? No. This is BAD PROGRAMMING.

    Understand that I'm not saying that Linux or Unix is perfect. I know that there are exploits for those systems that come from programming mistakes as well. There have been several highly publicised vulnerabilities in the last couple of years for both Linux systems and BSD Unix systems (including Apple OS X.) Well, publicly announced exploits or not, everyone I know who runs Windows spends time, money and system resources on tools to keep the malware at bay. It's a running battle, and three to four times a year, there's another widespread outbreak where everyone is urged to download a fix or protection because an exploit is sweeping the nation, compromising tens of thousands of machines.

    Can you tell me when the last outbreak of rabid spyware bots was on Linux systems? When did something sweep the nation on BSD, infecting everything it touched until Symantec could get a fix in place? I thought so.

    For all of those people who are proudly Linux free, or BSD free, and proclaim Microsoft Windows to be the One True Solution, thanks for the entertainment. For the rest of us, there are some who have tried all of them, and decided on one or two favorites. For my money, Linux is the best out there today. Ubuntu is the flavor of the month, and seems to be the best for me. I will say happily that I have not had time to try all the flavors of Linux, and I will probably have a different favorite flavor in the next six months or so. Although, I'm on my way out to buy a new Apple, we'll see if it can take the crown.

    For all of you who read all this, sorry for the long rant. I am just fed up with Windows Fanboys who excuse every design flaw we find in Microsoft products, and blame the habits of the users for Microsoft's shortcomings, then denigrate Linux users as being somehow defective for putting up with the most minor inconvenience.

  18. Re:Conflict of interest on What Questions Would You Ask An RIAA 'Expert'? · · Score: 1

    As I understand it, the RIAA is concerned with people making "perfect digital copies" of "copyrighted works" available for download, thereby distributing them. If the files in question were demonstratively different than anything the RIAA has in its documented ownership, do they still have a case? If I were to make a digital file available, and that file was different than anything they owned (verifiable by simply doing a diff) but named something very similar to one of their songs, would they be able to sue me?

    Let's say I made "David's Boogie Wonder Land.mp3" available. Let's say it sounded remarkably like a known artist sang a song that the RIAA recognized, but it was actually different (but very close.) Is it still infringement?

    Don't they have to prove it was one of their copyrighted works, before there can be any infringement?

  19. Ubuntu is my desktop on Is Ubuntu a Serious Desktop Contender? · · Score: 5, Insightful

    While I am forced to use Windows in my work environment, while at home Ubuntu is my chosen desktop. I have never been one to insist on instant updates, so a few days delay in a patch does not concern me much.

    Ubuntu (with some necessary updates and enhancements) is a perfectly capable operating system, and the Gnome2 desktop serves my needs just fine. I can do everything (and more) that my windows box can do, plus I get to use my choice of scripting languages to customize my experience.

    Nothing is hidden away from me in cryptic registries, and I run only those things that make sense to me. On my Windows box, there are several programs that have installed themselves over the years, and seemingly cannot be uninstalled. I keep most of them disabled and beaten down, but can't seem to eradicate them entirely. Even tools from my huge international IT industry company don't seem to be able to keep the buggers off of my Windows machine. Number of virii or malware programs on my Ubuntu box? Zero.

    So, yes, Ubuntu can be an effective and pleasing desktop.

  20. Re:DRM sucks, news at 11 on iPod Cracked, But Does it Matter? · · Score: 1

    DRM "does subvert the intent of the law (to provide new works to the public) and replace it with the capitalistic, lucrecratic belief that profit is the only ends we work towards." and is therefore evil.

  21. Re:Because it's a pain on Linux on Why Not Use Full Disk Encryption on Laptops? · · Score: 1

    I personally use Truecrypt on entire partitions. I don't lock up my whole /home file system, but mount the encrypted volumes after logging in. I use two encrypted partitions (entire disks) that are permanently installed in my computer, as well as two "portable" disks in USB enclosures.

    The main reason I use truecrypt is that I share the portables with my work laptop, so that I can have access to sensitive data on the external drive securely when at home, or when travelling. It seems like a good compromise. Also, if my computer goes belly up, I can boot with a live-cd, and run truecrypt in traveller mode to access the data.

    I can also take my external drive to anyone's computer, use truecrypt in traveller mode, and transfer files into/out of my encrypted drive to their machine. When I disconnect, everything is encrypted on my end.

  22. Re:whoever wrote the article is gay. on Human Species May Split In Two · · Score: 1

    actually, everybody loves to fuck the poor. The poor seem to enjoy fucking the rich, too. Everybody just loves to fuck!

  23. Re:useless suggestion on Root Exploit For NVIDIA Closed-Source Linux Driver · · Score: 1

    Mine has never crashed. When I ran Winders, it crashed every couple of days. Now, I run for weeks at a time without reboots, and never restart my NVIDIA accelerated Twinview (Dual Window) setup.

    If you crash a lot, you might want to check your xorg.conf file for problems.

  24. Re:If you want to understand their view on P2P Defendant Destroys Evidence, Case Defaults · · Score: 1

    First, let me say that I'm not against the concept of copyrights. That having been said, the artists are not the ones who own the copyrights, it's the publishers who do that. Also, art existed before copyrights. Since art existed first, then copyrights came later, then how would arts disappear without copyrights? There seems to be a flaw in your logic, somewhere.

    Copyrights exist to encourage artists by assisting them in making a living from their works. This is not a bad thing, but it can be abused. I believe that in order for copyrights to work the way they were intended, they have to be limited to a relatively short time period (say, the original 7 years,) and apply only to the Creator of the work, not some huge corporation that buys up all the rights to all the art they can, then charge everyone to have access to that work.

    Just my opinion.

  25. Re:Stupid? on P2P Defendant Destroys Evidence, Case Defaults · · Score: 1

    TrueCrypt allows for that. It has an encryption system based on steganography of random data, such that one can create a benign encrypted volume, and a hidden volume within that encrypted enclosure. This gives plausible deniability.

    See the documentation. Basically, when they demand the keys, give them the "safe" data password, while never divulging the fact that the real data is still hidden with another password.