"rather have a fully functional, if closed, OS than a cobbled together one that limps along"
I mean, he could have applied this logic to Linux a few years ago.
It's not that I don't understand where he's coming from (heck, I even *run* closed drivers on my Linuxcertified machine), but that he's advocating a backwards moving position- a more closed-friendly environment doesn't help *ANY* of us out.
he kept using technical terms like "breaks" and "accelorater" lol am i a phizzycist now?/?
Seriously, any field has specialized terminology, usually because we want ONE word to describe something, not two or three. That's what words are used for.
Most people have *heard* of terms used in other things, but don't bother to learn them unless they are used every day. Since they don't want to learn computers to the same extent that they want to learn many other things, they don't know all the technical terms.
It doesn't help that the technical terms are basically slang, of course- but "trojan" is a very good term. All you need to understand it is a concept of "the code running on my machine is doing everything: if I run the wrong code (or if something runs the wrong code for me) then things will go wrong". That level of abstraction isn't hard, but many don't care.
What would they suggest? That we use terms that are multiworded to help out the 87% of people who aren't reading stuff anyway? That's like attacking artists for being too obscure, except that you are attacking engineers for being too precise.
If they cared and were not idiots, they would type: phishing definition into google.
First thing: " Web definitions for Phishing
In a phishing attack, a fraudster spams the Internet with email claiming to be from a reputable financial institution or e-commerce site. The email message urges the recipient to click on a link to update their personal profile or carry out some transaction. The link takes the victim to a fake website designed to look like the real thing. However, any personal or financial information entered is routed directly to the scammer. "
trojan definition Makes you click on a link to find the term defined.
I doubt anyone is complaining. The study looked like it asked people who don't care. Those that do care have this knowledge or can retrieve it inside of three minutes: those that do not care don't have it, but nothing could have given it to them- because they don't care.
That Firefox flashblock is one of the best technologies ever. The idea is so simple, and should have been an option in the actual flash itself: the thing doesn't load unless you click on it and say so. Most things should be like that, or be able to be set like that, and it's annoying when a company wants to control your property in such a fashion.
I mean, I have flash to play the occasional game or watch a movie. That shouldn't make me susceptible to ads crapping all over my eyeballs.
More importantly, Macromedia should be on my side with this, unless they are somehow benefitting everytime a flash app is loaded (which isn't impossible, but creates a serious conflict of interest).
I like the posts that say "Oh, this doesn't matter much, it'll only effect you if you mention a candidate running for local office.".
Oh, ok. It's only regulateable speech if it's about something that matters. You can say "flowers are pretty" all day long!
I don't see how this doesn't violate free speech in unspeakable ways. Scream people, this is *worse* than the DMCA.
I think what bugs me the most is that the way speech used be "regulated" here in the US is that you couldn't talk about sex except with innuendo, and you couldn't talk about God unless you had something nice to say. Now those two aren't nearly as taboo, but the Supreme Court checked off the ability to regulate political speech, technical speech is regulateable under patents and the DMCA (recall that software is inherently speech), and people are really leery of mentioning brand names in ways that haven't been vetted by a team of lawyers.
Hence corporations: the new gods. Want to say "Wal*Mart sucks?" Sure, you'll have a case if they attack you. And they almost certainly won't. But, they can conceivably attack you- that's the problem.
Scientology sort of proves the point, with many of their amazing lawsuits.
" I can't believe a libertarian would say "The solution for regulation is more regulation.""
Nor, in fact, did I. Simply that applying "the free market analysis" here is going to only end up hurting the credibility of "the free market analysis". It's easy to regulate such that removing *some* regulations is harmful.
My solution would be an actual, open market. In that world, phone companies would be free to put whatever onerous restrictions they like: without their government enforced monopoly, people could turn them down and get a different solution.
Your reply assumes that a free market exists because you can, in fact, go elsewhere for high speed internet. While true, it's not a very good example, because it just *happened* that way (and isn't valid in places where they aren't competing).
In the field of DSL (and Cable is an alternative), phone companies have a government mandated monopoly. I'm pretty sure Cable is usually a government mandated monopoly too.
As a fellow libertarian (presumably, at least financial conservative), I'd like to point out that everything *ELSE* about these carriers is regulated, so its practically a goverment service already.
An extreme example: I, the federal government, make a ruling that only Dell is allowed to sell computers. Dell immediately octuples the prices of all new computers. Your free market argument fails to apply ("people will reject it and the plan will die on the vine") because businesses and people have no practical *CHOICE* but to use computers, a well established commodity (so the actual choice is maintain older computers or go out of business / stop using computers). However, in a free market Dell wouldn't be able to octuple their prices (and if they did, results predictable by the free market would ensue).
My point is, these companies are largely using land granted through government powers (sometimes emminent domain), with massive government loans and some other federal aid I forget about right now. It is not a free market. The competition that exists mostly does so because the government put regulations to better approximate a free market- but really it isn't one.
Why are you checking on April 1st, 2005?
on
EU to Ban Macs
·
· Score: 1
Did you expect anything except exactly this?
This happens every year.
You should check with that in mind.
Hell, pretend they take off one day a year, and just don't check it.
Whatever, I just came to the site to see if there were any more jokes since I left work... and there were. Laugh out loud funny? No. But worth a read, and a grin.
Yea, it threw me off too. First I went to the help, which said "Sorry, no help." Needed Google to draw a line.
Of course, the reason there is no line tool made sense right away after doing it: it lets you apply the "line" concept to whichever draw tool you like (pencil, pen, etc.). So they have an excuse, but it's a lame one. There should be a line tool regardless (defaulting to pencil, I guess), with the tricksy stuff involving the keyboard stowed safely away in a help file. Perhaps there will be soon, too?
Whatever, I'm about to embark on a dual learning adventure with GIMP and photoshop both (I'm getting into photography and so need to know photoediting, beyond the rudimentaries I currently know). Should give me a good idea on where the two actually stand in relation to each other, without all the "I could never use anything else" emotion I always see.
Under 2.4 there's an older way to do things that just uses loopback devices (cryptoloop or something? I didn't get into it until 2.6).
Remember, once you have/dev/mapper/test, mounted, that's the only thing you should write anything that makes sense to. The only action you should ever do to your plaintext file (and writes to a loop device count if you have alread setup the loop to point to the file) is to init it with random data. If you are about to write valid data (a file, a filesystem) to/dev/loop1, then you are going to write plaintext directly to a file that is supposed to be encrypted!
Try instead mke2fs -ing your/dev/mapper/test after you run cryptsetup.
I also didn't play with ext3 myself much, but I doubt it makes a difference here. I just wanted to minimize writes to the disk, it's probably fine (and it's what I would use if I were doing my home directory instead of a smaller guy).
So hows that for a reason: in terms of free speech, the internet currently scores a 97%. Do you think giving governments power over this will somehow increase this score?
Seriously, yes, we've seen free speech issues arise here in the US. Patent law and other corporate suck ups are in fact threating the first amendment at every step.
But to compare that to China, where everything from religions to political thought is routinely banned isn't fair at all.
WASPs? Right faith? We've got neonazi Asatru over here, man! They deny the holocoast occurred and worship Odin! Get real!
And "USian" is a troll. Even should you somehow find some way to argue that it's more accurate (it's not), it isn't what we call ourselves, so therefore it's not our name. Unless the rules change when addressing the US or something, I dunno.
The losetup sets up a loop device. My script needs to be run as root, but it shouldn't be impossible to swing it so that anyone can do it (the files in the encrypted filesystem all have permissions 770 and group set to "cryptuser", of whom my default user is set to be a part of, but you could do it however you like)/home/neon.e2fs is the encrypted e2fs filesystem.
My script is hardwired to use/dev/loop1, but there are a few (up to seven or so by default, but you can increase the number).
Running cryptsetup will wait for you to type in a passphrase. It will then map, using a specified cipher (listed is equivalent to cryptsetup --cipher=aes create neon/dev/loop1 , but you can also use other ciphers: the default is 256 bit aes). The mapping is the/dev/mapper/ whatever you told it to create to the file which is the second argument. This means that anything written to/dev/mapper/neon will be run through the cipher (using the passphrase you created) and then written in ciphertext to/dev/loop1 (which was just set up to go to a file).
Mount performs as expected;)
Here's my actual script:
#!/bin/bash echo echo Password prompt for encrypted filesystem: !!!/sbin/losetup/dev/loop1/home/neon.e2fs cryptsetup create neon/dev/loop1 until mount/dev/mapper/neon/enc/neon do echo Mount failed- probably because of incorrect password or encryption method echo Ctrl-C now if you feel you should fsck/dev/mapper/neon echo Otherwise, press enter to retry. read cryptsetup remove neon cryptsetup create neon/dev/loop1 done
My unmount script: #!/bin/bash until umount/enc/neon do echo Error unmounting neon, press enter to retry. read done cryptsetup remove neon !!!/sbin/losetup -d/dev/loop1
Note that sometimes some annoying process will get in the way of things: an lsof/path should tell you what is being annoying.
As for how to set it up, there are good guids that you can google up. But the general procedure is:
1- Create a file that will become the filesystem. I suggest using dd to read from/dev/urandom up to the desired size. 2- Use losetup as above to setup a loop device to the newly created random file. 3- Use cryptsetup as above to create a mapper file. When it prompts you for a password, have a good phrase in mind, and watch each keystroke. Anything written to this file will be encrypted. 4- Then treat the/dev/mapper file as if it's a real disk! Above, on an existing filesystem, we mount or unmount it. To create it, go ahead and run a formatting utility on it, like you would a disk. (mke2fs is my choice). 5- Now you should be able to mount it. Write a test file to it. Then unmount it, and run cryptsetup remove (name of thing). Now do the cryptsetup create (name of thing)/dev/loop1 Input the password. Note that you are only supplying a cipher at this point, one of 2^256 of them. So there will be no error if you type it wrong.
It will, however, fail to mount if you get it wrong. Assuming you get it right, make sure your test file is there and have fun.
If you got it wrong and can't get it right, you have lost everything on the encrypted partition (probably just the test file). Since you pick a new "way to
2 GB of RAM means never having to say "I'm swappy".
Sorry, couldn't resist.
I just flat out disable swap. It would only speed things up if my RAM usage was anywhere near my 2 GB of RAM, and it sure ain't.
But encrypting the swap isn't really much harder than the other stuff, and you can even have it encrypted each bootup with a new, random password.
Still, very good point.
Another thing that can catch you is that the way I do it (seperately mount a filesystem) means that anything that saves temporary stuff is vulnerable, and swap is a subset of this. For instance, if you open up your encrypted directory, GNOME will go right in there and generate a bunch of thumbnails. If you have a bunch of encrypted pictures, these thumbnails will be smaller versions of them. If they are text files, they will actually display with the first few bytes rendered (as if you were looking at the upper left corner). Anyway, for speed purposes, these are all saved under ~/.thumbnails , which is not, for me, encrypted. I don't care about this, but someone conceivably might. Solutions include having a thumbnails directory in your encrypted filesystem, and having your "mount the encrypted filesystem" script move your.thumbnails to another name and make a soft link pointing to your encrypted version, while your dismount script unlinks and moves the normal one back before unmounting. There are probably a few "holes" like this.
Clearly, having your whole home directory encrypted saves this as being a potential security risk.
As I just posted, I'm not advocating torture. But your example isn't valid in this case: if you are being pressed for a password, your questioner will know if you lie: with a lie the password won't work. You either know it or you don't. It's not "did you plot to commit X" it's "reveal the solution to this really hard math puzzle you created". The normal arguments against the efficacy of torture don't apply.
That being said, who cares if torture is effective and accurate? Principle forbids it on fundamental moral grouds.
Please remember, I'm neither advocating torture nor claiming it will work in the general case.
If I ask you (under torture) "What is the password?" and you tell me "what I want to hear" (you don't know the password so you make one up), then your password fails validation. That validation takes less than a second. It's not like extracting a confession: the password, once revealed, validates itself by revealing valid data. For this reason steganographic type cryptograph (or the Israeli case with the two one time pads, one legit and one bad enough to allay suspicious but not so bad as to reveal the actual truth) are necessary to defeat this attack.
Yes, I'm assuming that. Obviously, if torture is in the realm of the possible, things get much worse. But there are then two kinds of data:
Data whose exposure will end up with you being persecuted for.
Data whose exposure will end up harming a cause you value above yourself.
Torture is a great way for getting either of those, but it will work at 100% efficiency for type 1. Example: assume that me bitching about a girl who threatened to kick my ass if I asked her out (not to imply that this event actually occurred or anything) is a crime punishable by something bad. If the system is so broken that I can be tortured to reveal the password, then it stands to reason that it is so broken that they can inflict "something bad" on me without trial, confession, evidence, or not.
In other words, type 1 data is useless to the government that can torture and endlessly imprison: they already have that power, and that's all type 1 data wins you.
But if you are a captured CIA agent in China, now you have to worry about type 2 data- something that is important to someone besides you. That changes your rules somewhat as well.
Anyone know how that steganographic filesystem is coming?
I use the built in crypto in Fedora (the device level encryption passed to a loopback file mounted under/enc). I doubt that, absent a key sniffer, my passwords would *ever* be discovered. I have some english words in them (most are long phrases with nonsense punctuation thrown in at several places), so I guess that could be some kind of issue. But overall, I feel pretty secure.
Of course, I'm not actually defending any data that the government would care about, so it's all moot;)
(Unless the government has a pressing need to read my private journal about me bitching about how I can't get a date. In that case, those spooks are outta luck!)
Teen versions of McCoy and Kirk? Aren't their characters like, 20 years apart in age?
Now, I don't know the details, but isn't Spock like, older than all of those (using the "every race is longer lived and better than humans" rule that applied to all sci-fi fantasy since forever, especially those with pointy ears)?
Get around that crap, and the idea is actually pretty cool. Well, I think so. More tech gadgets, little to no combat, all people stories...
Or maybe we'd just watch as the group bravely runs around to bars after school hours, attempting to bravely go where no man has gone before...
Slashdot Mirror
It's utterly impossible to do so.
The "human error" and "jammed signal" problems are signifigant, however.
"rather have a fully functional, if closed, OS than a cobbled together one that limps along"
I mean, he could have applied this logic to Linux a few years ago.
It's not that I don't understand where he's coming from (heck, I even *run* closed drivers on my Linuxcertified machine), but that he's advocating a backwards moving position- a more closed-friendly environment doesn't help *ANY* of us out.
You have the best post today, thank you.
Hah! I'm having a slashdot break because ClearCase is punching me in the head *right this instant*!
he kept using technical terms like "breaks" and "accelorater" lol am i a phizzycist now?/?
Seriously, any field has specialized terminology, usually because we want ONE word to describe something, not two or three. That's what words are used for.
Most people have *heard* of terms used in other things, but don't bother to learn them unless they are used every day. Since they don't want to learn computers to the same extent that they want to learn many other things, they don't know all the technical terms.
It doesn't help that the technical terms are basically slang, of course- but "trojan" is a very good term. All you need to understand it is a concept of "the code running on my machine is doing everything: if I run the wrong code (or if something runs the wrong code for me) then things will go wrong". That level of abstraction isn't hard, but many don't care.
What would they suggest? That we use terms that are multiworded to help out the 87% of people who aren't reading stuff anyway? That's like attacking artists for being too obscure, except that you are attacking engineers for being too precise.
If they cared and were not idiots, they would type:
phishing definition
into google.
First thing:
"
Web definitions for Phishing
In a phishing attack, a fraudster spams the Internet with email claiming to be from a reputable financial institution or e-commerce site. The email message urges the recipient to click on a link to update their personal profile or carry out some transaction. The link takes the victim to a fake website designed to look like the real thing. However, any personal or financial information entered is routed directly to the scammer.
"
trojan definition
Makes you click on a link to find the term defined.
I doubt anyone is complaining. The study looked like it asked people who don't care. Those that do care have this knowledge or can retrieve it inside of three minutes: those that do not care don't have it, but nothing could have given it to them- because they don't care.
That Firefox flashblock is one of the best technologies ever. The idea is so simple, and should have been an option in the actual flash itself: the thing doesn't load unless you click on it and say so. Most things should be like that, or be able to be set like that, and it's annoying when a company wants to control your property in such a fashion.
I mean, I have flash to play the occasional game or watch a movie. That shouldn't make me susceptible to ads crapping all over my eyeballs.
More importantly, Macromedia should be on my side with this, unless they are somehow benefitting everytime a flash app is loaded (which isn't impossible, but creates a serious conflict of interest).
I hear they're almost as volatile as tanks filled with explosive refined hydrocarbons!
I like the posts that say "Oh, this doesn't matter much, it'll only effect you if you mention a candidate running for local office.".
Oh, ok. It's only regulateable speech if it's about something that matters. You can say "flowers are pretty" all day long!
I don't see how this doesn't violate free speech in unspeakable ways. Scream people, this is *worse* than the DMCA.
I think what bugs me the most is that the way speech used be "regulated" here in the US is that you couldn't talk about sex except with innuendo, and you couldn't talk about God unless you had something nice to say. Now those two aren't nearly as taboo, but the Supreme Court checked off the ability to regulate political speech, technical speech is regulateable under patents and the DMCA (recall that software is inherently speech), and people are really leery of mentioning brand names in ways that haven't been vetted by a team of lawyers.
Hence corporations: the new gods. Want to say "Wal*Mart sucks?" Sure, you'll have a case if they attack you. And they almost certainly won't. But, they can conceivably attack you- that's the problem.
Scientology sort of proves the point, with many of their amazing lawsuits.
" I can't believe a libertarian would say "The solution for regulation is more regulation.""
Nor, in fact, did I. Simply that applying "the free market analysis" here is going to only end up hurting the credibility of "the free market analysis". It's easy to regulate such that removing *some* regulations is harmful.
My solution would be an actual, open market. In that world, phone companies would be free to put whatever onerous restrictions they like: without their government enforced monopoly, people could turn them down and get a different solution.
Your reply assumes that a free market exists because you can, in fact, go elsewhere for high speed internet. While true, it's not a very good example, because it just *happened* that way (and isn't valid in places where they aren't competing).
In the field of DSL (and Cable is an alternative), phone companies have a government mandated monopoly. I'm pretty sure Cable is usually a government mandated monopoly too.
As a fellow libertarian (presumably, at least financial conservative), I'd like to point out that everything *ELSE* about these carriers is regulated, so its practically a goverment service already.
An extreme example: I, the federal government, make a ruling that only Dell is allowed to sell computers. Dell immediately octuples the prices of all new computers. Your free market argument fails to apply ("people will reject it and the plan will die on the vine") because businesses and people have no practical *CHOICE* but to use computers, a well established commodity (so the actual choice is maintain older computers or go out of business / stop using computers). However, in a free market Dell wouldn't be able to octuple their prices (and if they did, results predictable by the free market would ensue).
My point is, these companies are largely using land granted through government powers (sometimes emminent domain), with massive government loans and some other federal aid I forget about right now. It is not a free market. The competition that exists mostly does so because the government put regulations to better approximate a free market- but really it isn't one.
Did you expect anything except exactly this?
This happens every year.
You should check with that in mind.
Hell, pretend they take off one day a year, and just don't check it.
Whatever, I just came to the site to see if there were any more jokes since I left work... and there were. Laugh out loud funny? No. But worth a read, and a grin.
Slashdot does this every year. I mean, it's not like it's a surprise or anything.
(Although they actually fooled me a few times quite some time ago, but we won't go into that)
Yea, it threw me off too. First I went to the help, which said "Sorry, no help." Needed Google to draw a line.
Of course, the reason there is no line tool made sense right away after doing it: it lets you apply the "line" concept to whichever draw tool you like (pencil, pen, etc.). So they have an excuse, but it's a lame one. There should be a line tool regardless (defaulting to pencil, I guess), with the tricksy stuff involving the keyboard stowed safely away in a help file. Perhaps there will be soon, too?
Whatever, I'm about to embark on a dual learning adventure with GIMP and photoshop both (I'm getting into photography and so need to know photoediting, beyond the rudimentaries I currently know). Should give me a good idea on where the two actually stand in relation to each other, without all the "I could never use anything else" emotion I always see.
Under 2.4 there's an older way to do things that just uses loopback devices (cryptoloop or something? I didn't get into it until 2.6).
/dev/mapper/test, mounted, that's the only thing you should write anything that makes sense to. The only action you should ever do to your plaintext file (and writes to a loop device count if you have alread setup the loop to point to the file) is to init it with random data. If you are about to write valid data (a file, a filesystem) to /dev/loop1, then you are going to write plaintext directly to a file that is supposed to be encrypted!
/dev/mapper/test after you run cryptsetup.
Remember, once you have
Try instead mke2fs -ing your
I also didn't play with ext3 myself much, but I doubt it makes a difference here. I just wanted to minimize writes to the disk, it's probably fine (and it's what I would use if I were doing my home directory instead of a smaller guy).
Let me know how that works!
So hows that for a reason: in terms of free speech, the internet currently scores a 97%. Do you think giving governments power over this will somehow increase this score?
I'll waw my flag all day long, fool!
Seriously, yes, we've seen free speech issues arise here in the US. Patent law and other corporate suck ups are in fact threating the first amendment at every step.
But to compare that to China, where everything from religions to political thought is routinely banned isn't fair at all.
WASPs? Right faith? We've got neonazi Asatru over here, man! They deny the holocoast occurred and worship Odin! Get real!
And "USian" is a troll. Even should you somehow find some way to argue that it's more accurate (it's not), it isn't what we call ourselves, so therefore it's not our name. Unless the rules change when addressing the US or something, I dunno.
Right. Racist.
Sheesh. I guess if he was ragging on the Soviet's history of treating political dissent in the 80s, then he'd hate white people, right?
"The purpose was to exclude governments (but that didn't work). People realize today that the governments worldwide have to play a role."
I mean, is he trolling?
Hrm. Not immediately, it would seem.
/dev/loop1 /home/neon.e2fs /dev/loop1 /dev/mapper/neon /enc/neon
/home/neon.e2fs is the encrypted e2fs filesystem.
/dev/loop1, but there are a few (up to seven or so by default, but you can increase the number).
/dev/loop1 , but you can also use other ciphers: the default is 256 bit aes). The mapping is the /dev/mapper/ whatever you told it to create to the file which is the second argument. This means that anything written to /dev/mapper/neon will be run through the cipher (using the passphrase you created) and then written in ciphertext to /dev/loop1 (which was just set up to go to a file).
;)
/dev/loop1 /home/neon.e2fs /dev/loop1 /dev/mapper/neon /enc/neon /dev/mapper/neon /dev/loop1
/enc/neon /dev/loop1
/path should tell you what is being annoying.
/dev/urandom up to the desired size. /dev/mapper file as if it's a real disk! Above, on an existing filesystem, we mount or unmount it. To create it, go ahead and run a formatting utility on it, like you would a disk. (mke2fs is my choice). /dev/loop1
My script to mount basically does this (remove !!! whenever it appears, it's there because / breaks things):
!!!/sbin/losetup
cryptsetup create neon
mount
The losetup sets up a loop device. My script needs to be run as root, but it shouldn't be impossible to swing it so that anyone can do it (the files in the encrypted filesystem all have permissions 770 and group set to "cryptuser", of whom my default user is set to be a part of, but you could do it however you like)
My script is hardwired to use
Running cryptsetup will wait for you to type in a passphrase. It will then map, using a specified cipher (listed is equivalent to cryptsetup --cipher=aes create neon
Mount performs as expected
Here's my actual script:
#!/bin/bash
echo
echo Password prompt for encrypted filesystem:
!!!/sbin/losetup
cryptsetup create neon
until mount
do
echo Mount failed- probably because of incorrect password or encryption method
echo Ctrl-C now if you feel you should fsck
echo Otherwise, press enter to retry.
read
cryptsetup remove neon
cryptsetup create neon
done
My unmount script:
#!/bin/bash
until umount
do
echo Error unmounting neon, press enter to retry.
read
done
cryptsetup remove neon
!!!/sbin/losetup -d
Note that sometimes some annoying process will get in the way of things: an lsof
As for how to set it up, there are good guids that you can google up. But the general procedure is:
1- Create a file that will become the filesystem. I suggest using dd to read from
2- Use losetup as above to setup a loop device to the newly created random file.
3- Use cryptsetup as above to create a mapper file. When it prompts you for a password, have a good phrase in mind, and watch each keystroke.
Anything written to this file will be encrypted.
4- Then treat the
5- Now you should be able to mount it. Write a test file to it. Then unmount it, and run cryptsetup remove (name of thing). Now do the cryptsetup create (name of thing)
Input the password. Note that you are only supplying a cipher at this point, one of 2^256 of them. So there will be no error if you type it wrong.
It will, however, fail to mount if you get it wrong. Assuming you get it right, make sure your test file is there and have fun.
If you got it wrong and can't get it right, you have lost everything on the encrypted partition (probably just the test file). Since you pick a new "way to
2 GB of RAM means never having to say "I'm swappy".
.thumbnails to another name and make a soft link pointing to your encrypted version, while your dismount script unlinks and moves the normal one back before unmounting. There are probably a few "holes" like this.
Sorry, couldn't resist.
I just flat out disable swap. It would only speed things up if my RAM usage was anywhere near my 2 GB of RAM, and it sure ain't.
But encrypting the swap isn't really much harder than the other stuff, and you can even have it encrypted each bootup with a new, random password.
Still, very good point.
Another thing that can catch you is that the way I do it (seperately mount a filesystem) means that anything that saves temporary stuff is vulnerable, and swap is a subset of this. For instance, if you open up your encrypted directory, GNOME will go right in there and generate a bunch of thumbnails. If you have a bunch of encrypted pictures, these thumbnails will be smaller versions of them. If they are text files, they will actually display with the first few bytes rendered (as if you were looking at the upper left corner). Anyway, for speed purposes, these are all saved under ~/.thumbnails , which is not, for me, encrypted. I don't care about this, but someone conceivably might. Solutions include having a thumbnails directory in your encrypted filesystem, and having your "mount the encrypted filesystem" script move your
Clearly, having your whole home directory encrypted saves this as being a potential security risk.
As I just posted, I'm not advocating torture. But your example isn't valid in this case: if you are being pressed for a password, your questioner will know if you lie: with a lie the password won't work. You either know it or you don't. It's not "did you plot to commit X" it's "reveal the solution to this really hard math puzzle you created". The normal arguments against the efficacy of torture don't apply.
That being said, who cares if torture is effective and accurate? Principle forbids it on fundamental moral grouds.
Please remember, I'm neither advocating torture nor claiming it will work in the general case.
If I ask you (under torture) "What is the password?" and you tell me "what I want to hear" (you don't know the password so you make one up), then your password fails validation. That validation takes less than a second. It's not like extracting a confession: the password, once revealed, validates itself by revealing valid data. For this reason steganographic type cryptograph (or the Israeli case with the two one time pads, one legit and one bad enough to allay suspicious but not so bad as to reveal the actual truth) are necessary to defeat this attack.
Yes, I'm assuming that. Obviously, if torture is in the realm of the possible, things get much worse. But there are then two kinds of data:
Data whose exposure will end up with you being persecuted for.
Data whose exposure will end up harming a cause you value above yourself.
Torture is a great way for getting either of those, but it will work at 100% efficiency for type 1. Example: assume that me bitching about a girl who threatened to kick my ass if I asked her out (not to imply that this event actually occurred or anything) is a crime punishable by something bad. If the system is so broken that I can be tortured to reveal the password, then it stands to reason that it is so broken that they can inflict "something bad" on me without trial, confession, evidence, or not.
In other words, type 1 data is useless to the government that can torture and endlessly imprison: they already have that power, and that's all type 1 data wins you.
But if you are a captured CIA agent in China, now you have to worry about type 2 data- something that is important to someone besides you. That changes your rules somewhat as well.
Anyone know how that steganographic filesystem is coming?
I use the built in crypto in Fedora (the device level encryption passed to a loopback file mounted under /enc). I doubt that, absent a key sniffer, my passwords would *ever* be discovered. I have some english words in them (most are long phrases with nonsense punctuation thrown in at several places), so I guess that could be some kind of issue. But overall, I feel pretty secure.
;)
Of course, I'm not actually defending any data that the government would care about, so it's all moot
(Unless the government has a pressing need to read my private journal about me bitching about how I can't get a date. In that case, those spooks are outta luck!)
Teen versions of McCoy and Kirk? Aren't their characters like, 20 years apart in age?
Now, I don't know the details, but isn't Spock like, older than all of those (using the "every race is longer lived and better than humans" rule that applied to all sci-fi fantasy since forever, especially those with pointy ears)?
Get around that crap, and the idea is actually pretty cool. Well, I think so. More tech gadgets, little to no combat, all people stories...
Or maybe we'd just watch as the group bravely runs around to bars after school hours, attempting to bravely go where no man has gone before...