OK the process i described is 100% OpenFirmware based bootloaders, MacOS never enters into it.
however the catch is what i described only works on NewWorld macs, as they have a decent firmware and no hardware MacOS ROM. what you have is an OldWorld PowerMac, this has broken OpenFirmware and it will never boot linux in its default configuration, but it can be made to boot linux from OF. Note that the bootstrap partition trick won't work on an Oldworld, but its still useful to create one as i describe in case you ever want to move the disk into a newworld box, you will then be able to make it bootable.
OldWorld powermacs use quik instead of yaboot, its an OpenFirmware bootloader. Note that you must use Debian GNU/Linux in this case since all the other distros only include a broken quik that simply does not work. your OpenFirmawre configuration will need some changes, the load-base variable must be changed to either 0x600000 or 0x1000000. the input device should be set to kbd, and the output-device should be set to screen. this allows you to see OF on the console instead of a serial port. you also need to set the boot-device variable to the OF path to your hard disk, ybin includes a utility `ofpath' which can find this out for you (it unlike the rest of ybin works on oldworld macs, debian includes this on the boot floppies as well). you also may have to put something bogus in the boot-file variable just to take up space, sometimes OF/quik crashes if not.
OF variables can be changed from linux using the nvsetenv cmomand, and from within OF using the setenv command. if you have IDE disks you must install a large nvramrc patch otherwise OF will not be able to read the disk.
you can find the full OF configuration for a biege G3 at http://penguinppc.org/~jeramy/nvram.config-all
. just the nvramrc patch is at http://penguinppc.org/~jeramy/nvramrc.patch
. that can be applied via the command nvsetenv nvramrc `cat nvramrc.patch`. at least i think so, i have not tested this. also set the use-nvramrc? varable to true: nvsetenv 'use-nvramrc?' true
see the debian-powerpc list archives for some other help, and post thier if you need more assistence.
quik can be used to boot macos, see the quik.conf man page for an example of this, its similar to the lilo other= imagename.
one note of warning: DO *NOT* EVER change the load-base or nvramrc variables on a NewWorld (colored hardware) mac, or any mac with OpenFirmware 3.0 or later. if you do the bootrom may be DESTROYED and the motherboard will have to be replaced!
if its a NewWorld box (colored case, not beige) you should use ybin and yaboot. ybin will create a nice text based boot menu of OS choices including GNU/Linux (of course), MacOS, MacOSX, Darwin, along with some general purpose menus, CDROM, Network, and OpenFirmware. all of this is fully configurable.
the most important step though is creating a bootblock. Macs don't have an MBR like x86 machines do, so what you need to do is create the first partition on the disk as a 800K type Apple_Bootstrap partition, the special type is recognized by OpenFirmware, but MacOS will not mount it. this is very important since MacOS will see that the parittion does not have real MacOS and will render it unbootable. making it the first partition lets you simply reset OpenFirmware to its factory default configuration and (if the bootstrap was setup by ybin) it will be booted by OpenFirmware *automatically*.
see my partitioning guide at: http://penguinppc.org/usr/ybin/doc/mac-fdisk-basic s.shtml
this explains how to properly partition the disk, you need to create placeholder partitions with MacOS's (or MacOSX's) partitioners at the start of the disk, and then delete them with the linux mac-fdisk (aka pdisk). as with x86 you need to create linux (and the bootstrap) partitions with linux and not macos.
as for distributions, only Debian GNU/Linux includes ybin and yaboot right on the boot floppies (you have to run them manually still, but they are there) ydl 1.2* does not have ybin (2.0 if its ever released might) no version of LinuxPPC includes it, and SuSE does not either (AFAIK).
the option key trick mentioned here only works on iBooks, and AGP G4s, not older NewWorld macs such as pre slot loading iMacs and G3s. its also rather slow as it probes all the partitions first. The ybin boot menu is fast (ybin configured bootstrap partitions show up with the option key chooser, as an icon with a penguin on it at that) and the most configurable thing you will find. ybin itself is a lilo like installer for yaboot, yaboot is akin to lilo's/boot/boot.b ybin is akin to/sbin/lilo.
I have NO idea how this GUI installer rumor came about, it is blatently false. Woody will use the same boot floppies as potato does, and the debian installer project will also have a nearly identical UI (the text based curses menu like the current boot-floppies use).
If slashdot (or the submitter) had bothered to actually read Anthony's message in its entirety they would have seen that 1) woody is not frozen yet. and 2) that there is no mention whatsoever of a GUI installer. what Anthony DOES mention is better packaging of GUI software such as KDE/GNOME type programs.
here is a quote from the actual message where this silly rumor must have come from:
Third, I'd really like to see Debian include some of the nice "desktopy"
stuff that's coming out for Linux these days: office software, DVD
players, games, KDE, Gnome, Mozilla and so on. I'd like to see the
installer cope nicely with the hardware that goes with it, video cards and
sound cards and TV cards and whatever.
Damn! I thought that if you installed OS X on the same partition then you couldn't boot OS 9! That's why I didn't do it. Oh well. DP4 was stable on my iBook anyway.
That is true, well i suppose you could but it would involve getting the OS9 system folder reblessed (a pain) which renders OSX unbootable...
The other problem is if you have separate partitions but use HFS+ for OSX, once you boot OS9 it mounts your OSX partition and sees its not really MacOS and deblesses it! making OSX unbootable.
Your much better off using UFS for OSX on a seperate partition.
And to the previous poster about dual booting, look at ybin it makes tri booting MUCH simpler then that, no fscking with boot variables and control panels, just reboot and choose your OS from the boot menu.
If you wish to run GNU/Linux on Apple hardware your better off staying away from the most recent machines, pretty much every time apple makes a revision on thier hardware it takes at least a couple months before the support makes its way into the kernel and stabalizes. If you find an older revision you will have alot better luck. However, do be sure to get the so called `Newworld' era machines, (pretty much anything 1999 and on) the `oldworld' (beige etc) hardware is much more difficult to run OSX on, and is much harder to boot GNU/Linux without MacOS.
As for running GNU/Linux, OSX and OS9, this is quite possible, you just need to think ahead when partitioning, `newworld' Apple hardware needs a small 800K "Apple_Bootstrap" partition to hold the yaboot bootloader. see my partitioning doc at http://penguinppc.org/usr/ybin/doc/ ; ; ; along with the yaboot-faq. my bootloader installer (ybin) also lets you create a boot menu for the 3 OSes.
yes i had that exact mouse problem on an Athlon box, never could find a solution (i no longer have the machine so that `solved' it) the only difference from you is CPU usage had nothing to do with it in my case, simply moving the mouse around triggered all kinds of whacked out behavior (moving itself clicking all 3 buttons etc) i even tried 3 different mice, no effect.
i have two intel machines and a powerpc with debian potato and no mouse problems, i cannot explain what the problem with the athlon was...
OpenFirmware is indeed a rather broken thing, but the so called `newworld' macs have a OpenFirmware that is usable enough to boot without macos using yaboot.
check out ybin, which is an installer i wrote to initialize a small 800K HFS bootstrap partition and put yaboot on it. it will install a small OF script and do some black magic causing OF to believe the bootstrap partition is a copy of MacOS, without requiring ANY macos present.
you will however need to create a 800K bootstrap (make the type "Apple_Bootstrap" instead of the usual "Apple_HFS" to protect against MacOS ruining it.
ACLs won't do any good in this case, its not that the permissions are deficient, its that NFS has a flawed design when it comes to security: it completely trusts the client to take care of enforcing the permissions. so even if you had acls it won't do any good since the client root can ignore them anyway. Its already been mentioned that you can squash root but that only works when all files are owned by root, which is not very useful for home directories.
I'm not sure the classic UNIX security makes any sense anymore.
I don't think its classic unix security that is the problem here, its the classic NFS non-security that is the problem. any system which trusts the client for authentication/permission enforcement is fundementally flawed.
I think you might be thinking along the lines that `all powerful root' does not make sense any more, and in some cases it does not which is why there are some capability based systems (trusted irix and such) where uid 0 is just another account. Trusted IRIX has this available as an option but i suspect (i have no real numbers) that most IRIX users configure it WITH the all powerful super-user enabled, simply because administering a fully capability based system with no root is much more difficult and thus more time consuming. (i could be wrong here but that is the impression i get)
Maybe you could just rm su?
as has been mentioned revoking root access in this case is probably not an option. even if it were they would have to deal with loads of physical access problems. the network, the workstations etc etc.
I don't think rm does this by default, there is a ext2 attribute to cause deleted files to be securely deleted but I am not sure if its actually implemented. the chattr man page says only c and u are unimplemented (compress and undeleteable) so maybe it is...
from man chattr: When a file with the `s' attribute set is deleted, its blocks are zeroed and written back to the disk.
this is not exactly the most convenient way to go if you want every file you delete to be securely deleted however, in that case exchanging rm for wipe is probably what you want.
They install software in wacky places (compared to where the software would be installed had you issued "make install")
You are right software is not installed in the same place as a make install will put it (usually/usr/local/*), instead all packaged software goes into the/usr/* hierarchy. what does does is separate the packaged software from what has been self compiled and installed by the local admin (make ; make install) which goes into/usr/local/.
if this were not so, you would have a massive/usr/local with packaged software which may or may not interfere with a replacement you install yourself. it would also make managing your self compiled stuff a massive pain. you would need to check that you don't break some packaged software, and have make sure a package will not blow away something of yours. the debian packaging system by policy does not permit packages to touch/usr/local and thus anything you put there is safe from the packager.
this is basically the same way redhat does it, except i used to have.rpms dump stuff in/usr/local all the time.
I agree packaging systems can sometimes get in the way, and if you are the type who dislike the idea of a packager i would suggest slackware as the system of choice. to each his own:)
Really nice guys, those RedHat people, huh? If they can't ripoff the end users, they'll get the businesses instead. I think maybe I'll just switch back to an all-AIX environment. At least AIX doesn't come out with bugfixes daily then say 'oh, screw you. Here's a new version you have to buy.' They can sit on a version, release bugfixes, and integrate them into the next version, a year or two down the road.
Pfah. RedHat. It's sad to see what Linux has become.
Redhat is NOT Linux!
There are many GNU/Linux distributions Redhat is only one of the many, don't like thier attitude then use one of the others. Anyone can make a GNU/Linux distribution and not all are going to be wonderful. so what? there are plenty of others that are great distributions.
If you want to abandon GNU/Linux thats your choice, but don't abandon it just because of one distribution/distributer is not to your liking.
Is it the complete neophyte who knows nothing about computers at all? If so, no mainstream OS qualifies. Is it the casual user? Is it the "power" user? Or is it the totally geeked-out hacker type?
There are two routes to go in `ease of use' there is short term ease of use, where you take someone out of a rainforest who has never seen a computer and they can figure it out and use it in a very short ammount of time. And than there is `long term usability' where it may have a learning curve or may take a bit of getting used to but *once you know it* you can use it much more efficiently.
The short term ease of use very often sacrifices long term efficiency.
For Apple the short term usability is more important, for GNU/Linux, OPENSTEP (or UN*X in general) long term efficiency is more important.
Personally I will take long term efficiency with some short term work (learning) over something that will be nice at first and annoying as hell in the longterm.
Well I got to talk to RMS today as he was here at the university, this issue came up and I asked him specifically about the contention that this is a beta and thus is not violating the GPL argument people have been making, his response:
It appears that 64 bit encryption will be allowed, and 128 `may be' allowed if it is designed for `end users' and does not require very much tech support, and is not being exported to the 7 `terrorist' countries.
I also read in a transcipt of a White House briefing that Wassenaar will be modified to reflect this somehow, but it was somewhat vague...
Something else interesting is this so called 3rd party key repository which people can optionaly deposit thier private keys for `backup' purposes. The Government of course can get access to any key this 3rd party has after getting proper `judicial authorization'. I am sure we will see alot of Government BS to try and convince people to deposit thier keys...
--He who gives up liberty for security ends up with neither. --Benjamin Franklin
Slashdot Mirror
OK the process i described is 100% OpenFirmware based bootloaders, MacOS never enters into it.
however the catch is what i described only works on NewWorld macs, as they have a decent firmware and no hardware MacOS ROM. what you have is an OldWorld PowerMac, this has broken OpenFirmware and it will never boot linux in its default configuration, but it can be made to boot linux from OF. Note that the bootstrap partition trick won't work on an Oldworld, but its still useful to create one as i describe in case you ever want to move the disk into a newworld box, you will then be able to make it bootable.
OldWorld powermacs use quik instead of yaboot, its an OpenFirmware bootloader. Note that you must use Debian GNU/Linux in this case since all the other distros only include a broken quik that simply does not work. your OpenFirmawre configuration will need some changes, the load-base variable must be changed to either 0x600000 or 0x1000000. the input device should be set to kbd, and the output-device should be set to screen. this allows you to see OF on the console instead of a serial port. you also need to set the boot-device variable to the OF path to your hard disk, ybin includes a utility `ofpath' which can find this out for you (it unlike the rest of ybin works on oldworld macs, debian includes this on the boot floppies as well). you also may have to put something bogus in the boot-file variable just to take up space, sometimes OF/quik crashes if not.
OF variables can be changed from linux using the nvsetenv cmomand, and from within OF using the setenv command. if you have IDE disks you must install a large nvramrc patch otherwise OF will not be able to read the disk.
you can find the full OF configuration for a biege G3 at http://penguinppc.org/~jeramy/nvram.config-all . just the nvramrc patch is at http://penguinppc.org/~jeramy/nvramrc.patch . that can be applied via the command nvsetenv nvramrc `cat nvramrc.patch`. at least i think so, i have not tested this. also set the use-nvramrc? varable to true: nvsetenv 'use-nvramrc?' true
see the debian-powerpc list archives for some other help, and post thier if you need more assistence.
quik can be used to boot macos, see the quik.conf man page for an example of this, its similar to the lilo other= imagename.
one note of warning: DO *NOT* EVER change the load-base or nvramrc variables on a NewWorld (colored hardware) mac, or any mac with OpenFirmware 3.0 or later. if you do the bootrom may be DESTROYED and the motherboard will have to be replaced!
--
if its a NewWorld box (colored case, not beige) you should use ybin and yaboot. ybin will create a nice text based boot menu of OS choices including GNU/Linux (of course), MacOS, MacOSX, Darwin, along with some general purpose menus, CDROM, Network, and OpenFirmware. all of this is fully configurable.
c s.shtml
this explains how to properly partition the disk, you need to create placeholder partitions with MacOS's (or MacOSX's) partitioners at the start of the disk, and then delete them with the linux mac-fdisk (aka pdisk). as with x86 you need to create linux (and the bootstrap) partitions with linux and not macos.
/boot/boot.b ybin is akin to /sbin/lilo.
the most important step though is creating a bootblock. Macs don't have an MBR like x86 machines do, so what you need to do is create the first partition on the disk as a 800K type Apple_Bootstrap partition, the special type is recognized by OpenFirmware, but MacOS will not mount it. this is very important since MacOS will see that the parittion does not have real MacOS and will render it unbootable. making it the first partition lets you simply reset OpenFirmware to its factory default configuration and (if the bootstrap was setup by ybin) it will be booted by OpenFirmware *automatically*.
see my partitioning guide at: http://penguinppc.org/usr/ybin/doc/mac-fdisk-basi
as for distributions, only Debian GNU/Linux includes ybin and yaboot right on the boot floppies (you have to run them manually still, but they are there) ydl 1.2* does not have ybin (2.0 if its ever released might) no version of LinuxPPC includes it, and SuSE does not either (AFAIK).
the option key trick mentioned here only works on iBooks, and AGP G4s, not older NewWorld macs such as pre slot loading iMacs and G3s. its also rather slow as it probes all the partitions first. The ybin boot menu is fast (ybin configured bootstrap partitions show up with the option key chooser, as an icon with a penguin on it at that) and the most configurable thing you will find. ybin itself is a lilo like installer for yaboot, yaboot is akin to lilo's
http://penguinppc.org/usr/ybin
http://penguinppc.org/usr/ybin/doc/
(my homepage at alaska.net also has all of these pages)
--
I have NO idea how this GUI installer rumor came about, it is blatently false. Woody will use the same boot floppies as potato does, and the debian installer project will also have a nearly identical UI (the text based curses menu like the current boot-floppies use).
If slashdot (or the submitter) had bothered to actually read Anthony's message in its entirety they would have seen that 1) woody is not frozen yet. and 2) that there is no mention whatsoever of a GUI installer. what Anthony DOES mention is better packaging of GUI software such as KDE/GNOME type programs.
here is a quote from the actual message where this silly rumor must have come from:
Third, I'd really like to see Debian include some of the nice "desktopy" stuff that's coming out for Linux these days: office software, DVD players, games, KDE, Gnome, Mozilla and so on. I'd like to see the installer cope nicely with the hardware that goes with it, video cards and sound cards and TV cards and whatever.
--
It seems there is a real `Redhat == Linux' like syndrome with PowerPC GNU/Linux except its `LinuxPPC 2000 == Linux on PowerPC'
All of the distributions that run on PowerPC use the same Linux kernel, thus all distributions which run on PowerPC will also run on this new machine.
Just a few other GNU/Linux distributions which run on PowerPC hardware including this PowerBook:
Debian
SuSE
YellowDog
--
I have written documentation and installation utilities for yaboot, you can find at my web page:
http://www.alaska.net/~erbenson/
--
Then use BootX from OS 9
NO! don't use BootX on newworld machines it does *NOT* work. you must use yaboot instead.
Damn! I thought that if you installed OS X on the same partition then you couldn't boot OS 9! That's why I didn't do it. Oh well. DP4 was stable on my iBook anyway.
That is true, well i suppose you could but it would involve getting the OS9 system folder reblessed (a pain) which renders OSX unbootable...
The other problem is if you have separate partitions but use HFS+ for OSX, once you boot OS9 it mounts your OSX partition and sees its not really MacOS and deblesses it! making OSX unbootable.
Your much better off using UFS for OSX on a seperate partition.
And to the previous poster about dual booting, look at ybin it makes tri booting MUCH simpler then that, no fscking with boot variables and control panels, just reboot and choose your OS from the boot menu.
--
Ethan
If you wish to run GNU/Linux on Apple hardware your better off staying away from the most recent machines, pretty much every time apple makes a revision on thier hardware it takes at least a couple months before the support makes its way into the kernel and stabalizes. If you find an older revision you will have alot better luck. However, do be sure to get the so called `Newworld' era machines, (pretty much anything 1999 and on) the `oldworld' (beige etc) hardware is much more difficult to run OSX on, and is much harder to boot GNU/Linux without MacOS.
As for running GNU/Linux, OSX and OS9, this is quite possible, you just need to think ahead when partitioning, `newworld' Apple hardware needs a small 800K "Apple_Bootstrap" partition to hold the yaboot bootloader. see my partitioning doc at http://penguinppc.org/usr/ybin/doc/ ; ; ; along with the yaboot-faq. my bootloader installer (ybin) also lets you create a boot menu for the 3 OSes.
For newwer (G4 era) Apple hardware the best kernel source tree to use would be Ben's: http://ppclinux.apple.com/~benh/
I recommend the Debian distribution for powerpc hardware, in my experience its the most complete and stable.
--
Ethan
if you have already installed one machine and have the packages the way you want run:
dpkg --get-selections \* > packagelist
on the target machine run:
dpkg --set-selections < packagelist
apt-get dselect-upgrade
done!
--
Ethan
yes i had that exact mouse problem on an Athlon box, never could find a solution (i no longer have the machine so that `solved' it) the only difference from you is CPU usage had nothing to do with it in my case, simply moving the mouse around triggered all kinds of whacked out behavior (moving itself clicking all 3 buttons etc) i even tried 3 different mice, no effect.
i have two intel machines and a powerpc with debian potato and no mouse problems, i cannot explain what the problem with the athlon was...
OpenFirmware is indeed a rather broken thing, but the so called `newworld' macs have a OpenFirmware that is usable enough to boot without macos using yaboot.
/dev/null .signature
check out ybin, which is an installer i wrote to initialize a small 800K HFS bootstrap partition and put yaboot on it. it will install a small OF script and do some black magic causing OF to believe the bootstrap partition is a copy of MacOS, without requiring ANY macos present.
you will however need to create a 800K bootstrap (make the type "Apple_Bootstrap" instead of the usual "Apple_HFS" to protect against MacOS ruining it.
ybin is at my web page.
--
ln -s
Yet Another Reason For ACLs?
/dev/null .signature
ACLs won't do any good in this case, its not that the permissions are deficient, its that NFS has a flawed design when it comes to security: it completely trusts the client to take care of enforcing the permissions. so even if you had acls it won't do any good since the client root can ignore them anyway. Its already been mentioned that you can squash root but that only works when all files are owned by root, which is not very useful for home directories.
I'm not sure the classic UNIX security makes any sense anymore.
I don't think its classic unix security that is the problem here, its the classic NFS non-security that is the problem. any system which trusts the client for authentication/permission enforcement is fundementally flawed.
I think you might be thinking along the lines that `all powerful root' does not make sense any more, and in some cases it does not which is why there are some capability based systems (trusted irix and such) where uid 0 is just another account. Trusted IRIX has this available as an option but i suspect (i have no real numbers) that most IRIX users configure it WITH the all powerful super-user enabled, simply because administering a fully capability based system with no root is much more difficult and thus more time consuming. (i could be wrong here but that is the impression i get)
Maybe you could just rm su?
as has been mentioned revoking root access in this case is probably not an option. even if it were they would have to deal with loads of physical access problems. the network, the workstations etc etc.
--
ln -s
That means remove, and wipe over with \0's.
I don't think rm does this by default, there is a ext2 attribute to cause deleted files to be securely deleted but I am not sure if its actually implemented. the chattr man page says only c and u are unimplemented (compress and undeleteable) so maybe it is...
from man chattr:
When a file with the `s' attribute set is deleted, its blocks are zeroed and written back to the disk.
this is not exactly the most convenient way to go if you want every file you delete to be securely deleted however, in that case exchanging rm for wipe is probably what you want.
--
blah blah blah
The Free Software Foundation has a page explaining several of the more common licences, and whether they are truly Free or not (the APSL is not Free)
http://www.fsf.org/philosophy/licen se-list.html
--
For the details on why the APSL is NOT a Free (speech) software licence go here:
http://www.fsf.org/philosophy/apsl.html
--
They install software in wacky places (compared to where the software would be installed had you issued "make install")
/usr/local/*), instead all packaged software goes into the /usr/* hierarchy. what does does is separate the packaged software from what has been self compiled and installed by the local admin (make ; make install) which goes into /usr/local/.
/usr/local with packaged software which may or may not interfere with a replacement you install yourself. it would also make managing your self compiled stuff a massive pain. you would need to check that you don't break some packaged software, and have make sure a package will not blow away something of yours. the debian packaging system by policy does not permit packages to touch /usr/local and thus anything you put there is safe from the packager.
.rpms dump stuff in /usr/local all the time.
:)
You are right software is not installed in the same place as a make install will put it (usually
if this were not so, you would have a massive
this is basically the same way redhat does it, except i used to have
I agree packaging systems can sometimes get in the way, and if you are the type who dislike the idea of a packager i would suggest slackware as the system of choice. to each his own
--
Really nice guys, those RedHat people, huh? If they can't ripoff the end users, they'll get the businesses instead. I think maybe I'll just switch back to an all-AIX environment. At least AIX doesn't come out with bugfixes daily then say 'oh, screw you. Here's a new version you have to buy.' They can sit on a version, release bugfixes, and integrate them into the next version, a year or two down the road.
Pfah. RedHat. It's sad to see what Linux has become.
Redhat is NOT Linux!
There are many GNU/Linux distributions Redhat is only one of the many, don't like thier attitude then use one of the others. Anyone can make a GNU/Linux distribution and not all are going to be wonderful. so what? there are plenty of others that are great distributions.
If you want to abandon GNU/Linux thats your choice, but don't abandon it just because of one distribution/distributer is not to your liking.
Ethan
Is it the complete neophyte who knows nothing about computers at all? If so, no mainstream OS qualifies. Is it the casual user? Is it the "power" user? Or is it the totally geeked-out hacker type?
There are two routes to go in `ease of use' there is short term ease of use, where you take someone out of a rainforest who has never seen a computer and they can figure it out and use it in a very short ammount of time. And than there is `long term usability' where it may have a learning curve or may take a bit of getting used to but *once you know it* you can use it much more efficiently.
The short term ease of use very often sacrifices long term efficiency.
For Apple the short term usability is more important, for GNU/Linux, OPENSTEP (or UN*X in general) long term efficiency is more important.
Personally I will take long term efficiency with some short term work (learning) over something that will be nice at first and annoying as hell in the longterm.
Ethan
Well I got to talk to RMS today as he was here at the university, this issue came up and I asked him specifically about the contention that this is a beta and thus is not violating the GPL argument people have been making, his response:
``balderdash!''
You can find the full text of the bill itself and an analysis here:
http://www.epic.org/crypto/legislation/cesa/
It appears that 64 bit encryption will be allowed, and 128 `may be' allowed if it is designed for `end users' and does not require very much tech support, and is not being exported to the 7 `terrorist' countries.
I also read in a transcipt of a White House briefing that Wassenaar will be modified to reflect this somehow, but it was somewhat vague...
Something else interesting is this so called 3rd party key repository which people can optionaly deposit thier private keys for `backup' purposes. The Government of course can get access to any key this 3rd party has after getting proper `judicial authorization'. I am sure we will see alot of Government BS to try and convince people to deposit thier keys...
--He who gives up liberty for security ends up with neither. --Benjamin Franklin
Here is the main progress page:
e ss.html
http://gnustep.403forbidden.net/information/progr