Re: Peace is not off topic
Hi! * Cesar Rincon [EMAIL PROTECTED] [20030311 07:16]: Well, I guess I am betraying you too, quite openly at that. What now? Am I evil and insane, too? Would you like to enforce your laws on me and my family? You better make sure I don't survive the enforcing. uh, careful what you say .. that's the plan .. three quotes: If violence isn't solving your problems, you're not using enough of it. -- Misato Katsuragi If people can be educated to see the lowly side of their own natures, it may be hoped that they will also learn to understand and to love their fellow men better. A little less hypocrisy and a little more tolerance towards oneself can only have good results in respect for our neighbor; for we are all too prone to transfer to our fellows the injustice and violence we inflict upon our own natures. -- Carl Jung (1875-1961, Swiss Psychiatrist) No violence, gentlemen -- no violence, I beg of you! Consider the furniture! -- Sherlock Holmes --- ON TOPIC OFF TOPIC STOPPER! --- --- ON TOPIC OFF TOPIC STOPPER! --- --- ON TOPIC OFF TOPIC STOPPER! --- ... okay .. now, before we need peace keeping squads ourselves, we should stop talking about politics here, for our own good. talking about politics or religion (which isn't fit to hold a candle to true faith) is tabooed in quite some coalescences, and we should stop short of going so far as to require forbidding it (by mailing list policy) as well. also, we should refrain from attacking each other, but - if we have to do it at all - only attack the behaviour. otherwise, it gets personal and emotional, and after a while, there's no place for winners. usually, if you put up a (verbal) fight with an idiot, they get you down to their level in due time, and there they simply smash you with experience. that said, let's get back to debian security traffic, or no traffic at all - anybody who agrees with me can show so by simply shutting the fsck up about you-know-what ;) I'll do. I think we should talk about palladium, thou. anybody got any idea how we're going to face it, if we got a chance, and what is implied (I don't wanna start)? shouldn't be off-topic at all. Kind regards Count P.S: I'm quite happy about the variety of people and mindsets which shines through when discussion go like this - thanks for being there, all of you! I live to learn - and you? :) P.P.S: in case you're wondering: I poured oil on the topic, I may try to take some heat out - don't you think? -- Andreas Kotes - ICQ: 3741366 - The views expressed herein are (only) mine. Unser Leben ist das, wozu unser Denken es macht. -- OpenPGP key 0x8F94C228 Our Life is what our thinking makes it.. Your mind is a weapon! Arm it .. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
secure documents - Was: db2 and Debian
Hi! * Tom Panning [EMAIL PROTECTED] [20030312 03:13]: Solicitor/lawyer deposits a sensitive document on a server and only select ppl whom that lawyer selects can access or download that document. It must be secure, auditable and keep lawyers happy! well, in case you don't trust https et all, use gnupg, combining pgp symmetric encryption for the content, asymmetric encryption for distribution of the symmetric key to selected people, and pgp timestamping/logging of hash sums for auditing, combined with a nice (web)frontend in php/perl/whatever .. Count -- Andreas Kotes - ICQ: 3741366 - The views expressed herein are (only) mine. Unser Leben ist das, wozu unser Denken es macht. -- OpenPGP key 0x8F94C228 Our Life is what our thinking makes it.. Your mind is a weapon! Arm it .. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Peace is not off topic
Hi! * Cesar Rincon [EMAIL PROTECTED] [20030311 07:16]: Well, I guess I am betraying you too, quite openly at that. What now? Am I evil and insane, too? Would you like to enforce your laws on me and my family? You better make sure I don't survive the enforcing. uh, careful what you say .. that's the plan .. three quotes: If violence isn't solving your problems, you're not using enough of it. -- Misato Katsuragi If people can be educated to see the lowly side of their own natures, it may be hoped that they will also learn to understand and to love their fellow men better. A little less hypocrisy and a little more tolerance towards oneself can only have good results in respect for our neighbor; for we are all too prone to transfer to our fellows the injustice and violence we inflict upon our own natures. -- Carl Jung (1875-1961, Swiss Psychiatrist) No violence, gentlemen -- no violence, I beg of you! Consider the furniture! -- Sherlock Holmes --- ON TOPIC OFF TOPIC STOPPER! --- --- ON TOPIC OFF TOPIC STOPPER! --- --- ON TOPIC OFF TOPIC STOPPER! --- ... okay .. now, before we need peace keeping squads ourselves, we should stop talking about politics here, for our own good. talking about politics or religion (which isn't fit to hold a candle to true faith) is tabooed in quite some coalescences, and we should stop short of going so far as to require forbidding it (by mailing list policy) as well. also, we should refrain from attacking each other, but - if we have to do it at all - only attack the behaviour. otherwise, it gets personal and emotional, and after a while, there's no place for winners. usually, if you put up a (verbal) fight with an idiot, they get you down to their level in due time, and there they simply smash you with experience. that said, let's get back to debian security traffic, or no traffic at all - anybody who agrees with me can show so by simply shutting the fsck up about you-know-what ;) I'll do. I think we should talk about palladium, thou. anybody got any idea how we're going to face it, if we got a chance, and what is implied (I don't wanna start)? shouldn't be off-topic at all. Kind regards Count P.S: I'm quite happy about the variety of people and mindsets which shines through when discussion go like this - thanks for being there, all of you! I live to learn - and you? :) P.P.S: in case you're wondering: I poured oil on the topic, I may try to take some heat out - don't you think? -- Andreas Kotes - ICQ: 3741366 - The views expressed herein are (only) mine. Unser Leben ist das, wozu unser Denken es macht. -- OpenPGP key 0x8F94C228 Our Life is what our thinking makes it.. Your mind is a weapon! Arm it ..
secure documents - Was: db2 and Debian
Hi! * Tom Panning [EMAIL PROTECTED] [20030312 03:13]: Solicitor/lawyer deposits a sensitive document on a server and only select ppl whom that lawyer selects can access or download that document. It must be secure, auditable and keep lawyers happy! well, in case you don't trust https et all, use gnupg, combining pgp symmetric encryption for the content, asymmetric encryption for distribution of the symmetric key to selected people, and pgp timestamping/logging of hash sums for auditing, combined with a nice (web)frontend in php/perl/whatever .. Count -- Andreas Kotes - ICQ: 3741366 - The views expressed herein are (only) mine. Unser Leben ist das, wozu unser Denken es macht. -- OpenPGP key 0x8F94C228 Our Life is what our thinking makes it.. Your mind is a weapon! Arm it ..
Re: Peace is not off topic
Hi! * Andreas Vitz [EMAIL PROTECTED] [20030311 02:41]: Why do you think iraq will destroy your holy USA ?? Don't you think Iraq CAN attack any country on earth ?? using missiles that reach 110 to 180 kilometers, the iraq cant't destroy the US. I don not know whom the iraq will attack but I think that they won't attack the US!! I don't think Iraq will destroy the US. I think that Iraq might supply chemical and/or biological weapons to terrorists who would definitely attack the US. i never said anything about the missiles. chemical and biological weapons do not require missiles to deliver them. oh, the Antrax which was mailed to various people after 9/11 didn't come from US laboratories? the US doesn't have any chemical or biological weapons which they give to other countries? let me think .. the iraq, for example, when iran was 'collaborating' with the russians .. d'uh. USA wants to be a global player,okay USA is a global player, but bush plays a game that nobody wants to play!! and what game is that? deception, disinformation, humiliation, paternalism - against US citizens, the hole free democratic world (the US are a republic), etc .. 'oh what a tangled web we weave when we at first try to deceive' .. most people in the US don't even get a chance to get their hands on non-contaminated/censored educational material :( so they are made to think everything's fine. I'm definitely not contra-US, but the deception of large companies and company-controlled governements baffles all descriptions - and the lack of power over oneselves resulting in enforcing power over others (inside and outside the US) is quite a shame. I agree that iraq shouldn be allowed to have biological/chemical or what ever - weapons. BUT the US shouldn't either. NOBODY has the right to destroy/ or even harm anybody on this HOLY earth!! I agree with you on that. so do I. holeheartedly. but look at the budgets .. and for what they are used .. I agree that the force that the US-Army by there presence in the gulf-region puts on Saddam Hussein is good. I don't belive without the presence of the Army sadam wouldn't do anything. BUT I hope that there will be NO need to fight a war agains Saddam, besides a psychological war !! right now it IS only a psychological war, but what will happen when saddam realizes that? i don't think a psychological war will have much of an effect then! I'm pretty sure he's quite aware of that, but he should be smoked out psychologically, not with weapons, and not his citizens. so I say: more time, more weapons inspectors, UN-controlled polls (preferrably in the US, too), more destruction of weapons, less sanctions. and less spoiled sons of oil barons. ... okay, now regarding debian-security: I fear my system may be used for psychological cyberwarfare, i.e. I might get e-mails messing with my brain. what can I do? ;) Count P.S: something for the lawyers: are there any licenses explictly disallowing the use of software in conjunction with war? would it be debian-compatible? -- Andreas Kotes - ICQ: 3741366 - The views expressed herein are (only) mine. Unser Leben ist das, wozu unser Denken es macht. -- OpenPGP key 0x8F94C228 Our Life is what our thinking makes it.. Your mind is a weapon! Arm it .. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Peace is not off topic
Hi! * Steve Johnson [EMAIL PROTECTED] [20030311 03:11]: Since when did a bunch of Debian/Linux developers, maintainers, users become Politicians? I must have missed that transitional period. If I wanted to here this crap, I'd start watching the news! you'd get less information there, than here. and: if you don't turn in on politics, it will turn in on you. has always been true so far. so, do the world a favour: go voting EVERY TIME you can, even if you only want to show that none of the options left is desireable by making your vote invalid. as an open source user, I _insist_ on the right to choose .. and I _insist_ on excercising it - otherwise, someone will sooner or later take it away from me ... .. another topic definitely touching security: if someone handles my security for me, how about my security if he turns on me? will debian run on TCPA/palladium systems? Count -- Andreas Kotes - ICQ: 3741366 - The views expressed herein are (only) mine. Unser Leben ist das, wozu unser Denken es macht. -- OpenPGP key 0x8F94C228 Our Life is what our thinking makes it.. Your mind is a weapon! Arm it .. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Peace is not off topic
Hi! * Andreas Vitz [EMAIL PROTECTED] [20030311 02:41]: Why do you think iraq will destroy your holy USA ?? Don't you think Iraq CAN attack any country on earth ?? using missiles that reach 110 to 180 kilometers, the iraq cant't destroy the US. I don not know whom the iraq will attack but I think that they won't attack the US!! I don't think Iraq will destroy the US. I think that Iraq might supply chemical and/or biological weapons to terrorists who would definitely attack the US. i never said anything about the missiles. chemical and biological weapons do not require missiles to deliver them. oh, the Antrax which was mailed to various people after 9/11 didn't come from US laboratories? the US doesn't have any chemical or biological weapons which they give to other countries? let me think .. the iraq, for example, when iran was 'collaborating' with the russians .. d'uh. USA wants to be a global player,okay USA is a global player, but bush plays a game that nobody wants to play!! and what game is that? deception, disinformation, humiliation, paternalism - against US citizens, the hole free democratic world (the US are a republic), etc .. 'oh what a tangled web we weave when we at first try to deceive' .. most people in the US don't even get a chance to get their hands on non-contaminated/censored educational material :( so they are made to think everything's fine. I'm definitely not contra-US, but the deception of large companies and company-controlled governements baffles all descriptions - and the lack of power over oneselves resulting in enforcing power over others (inside and outside the US) is quite a shame. I agree that iraq shouldn be allowed to have biological/chemical or what ever - weapons. BUT the US shouldn't either. NOBODY has the right to destroy/ or even harm anybody on this HOLY earth!! I agree with you on that. so do I. holeheartedly. but look at the budgets .. and for what they are used .. I agree that the force that the US-Army by there presence in the gulf-region puts on Saddam Hussein is good. I don't belive without the presence of the Army sadam wouldn't do anything. BUT I hope that there will be NO need to fight a war agains Saddam, besides a psychological war !! right now it IS only a psychological war, but what will happen when saddam realizes that? i don't think a psychological war will have much of an effect then! I'm pretty sure he's quite aware of that, but he should be smoked out psychologically, not with weapons, and not his citizens. so I say: more time, more weapons inspectors, UN-controlled polls (preferrably in the US, too), more destruction of weapons, less sanctions. and less spoiled sons of oil barons. ... okay, now regarding debian-security: I fear my system may be used for psychological cyberwarfare, i.e. I might get e-mails messing with my brain. what can I do? ;) Count P.S: something for the lawyers: are there any licenses explictly disallowing the use of software in conjunction with war? would it be debian-compatible? -- Andreas Kotes - ICQ: 3741366 - The views expressed herein are (only) mine. Unser Leben ist das, wozu unser Denken es macht. -- OpenPGP key 0x8F94C228 Our Life is what our thinking makes it.. Your mind is a weapon! Arm it ..
Re: Peace is not off topic
Hi! * Steve Johnson [EMAIL PROTECTED] [20030311 03:11]: Since when did a bunch of Debian/Linux developers, maintainers, users become Politicians? I must have missed that transitional period. If I wanted to here this crap, I'd start watching the news! you'd get less information there, than here. and: if you don't turn in on politics, it will turn in on you. has always been true so far. so, do the world a favour: go voting EVERY TIME you can, even if you only want to show that none of the options left is desireable by making your vote invalid. as an open source user, I _insist_ on the right to choose .. and I _insist_ on excercising it - otherwise, someone will sooner or later take it away from me ... .. another topic definitely touching security: if someone handles my security for me, how about my security if he turns on me? will debian run on TCPA/palladium systems? Count -- Andreas Kotes - ICQ: 3741366 - The views expressed herein are (only) mine. Unser Leben ist das, wozu unser Denken es macht. -- OpenPGP key 0x8F94C228 Our Life is what our thinking makes it.. Your mind is a weapon! Arm it ..
Re: [work] Integrity of Debian packages
Hi! this is off topic, but in case you've been wondering, too: * Joost Beintema [EMAIL PROTECTED] [20030308 04:47]: Your comment seems to lay blame for 9/11 on the intelligence community. It's fair to say that they had major flaws at that time (and possibly now as well). You could argue that this specific incident could have been prevented if certain measures were in place. Keep in mind, the perpetrators were a determined group that was willing to accept death in the pursuit of their goal. That's a combination that is nearly unstoppable. All I hear is a war-yelling Bush but I haven' heared any good story (from politicians) about the WHY of attacks. economic reasons: - the oil price influences a HUGE part of the economy, having to pay the market price for iraq oil doesn't work - the bush family is a not-so-small player in weapons industry as well as oil industry - deficit/military/government spending is good for the economy (any economist can tell you that) .. the formula: GDP = C+G+I+X-Im (where: GDP == Gross Domestic Product C == Consumption G == Government spending I == Investments X == Exports Im == Imports) .. this very formular also explains tax cuts, the deficit, the hype against foreign products / Imports, etc. - military spending: Irak:~ 20.0% of GDP USA: ~ 5.5% of GDP (!) Germany: ~ 3.5% of GDP .. reasoning goes that a raise of spending for weapons beyond a general percentage is a precursor for war - as it has always been the actual values don't seem to matter much - the fact that the US just have a _huge_ GDP does count a lot .. $400 _billion_ military expenses a year are 'only' 5.5% .. the ~$26 billion offered to turkey are interesting, too. far more interesting are the ~$15 _million_ for post-war refugee help (UNHCR). another question: how could iraq to something decent using its money, considering the sanctions and the interweavement of countries these times? - old ammunition and weapon technologies have to be -uh- put out of service political reasons: - gaining access to he iraq oil fields would lessen the influence of OPEC, thus the oil price - solving the palaestina/israel conflict would compromise israel - disrupting europe unity means keeping relative strength pyschological reasons: - giving in to europe would mean losing face - admiting one was wrong would mean losing face - searching problems everywhere else but at home is far easier than facing reality - powerlessness (e.g. regarding 9/11) of oneself usually results in applying power to others .. just guessing. I'm pretty sure there are more in each category. Count -- Andreas Kotes - ICQ: 3741366 - The views expressed herein are (only) mine. Unser Leben ist das, wozu unser Denken es macht. -- OpenPGP key 0x8F94C228 Our Life is what our thinking makes it.. Your mind is a weapon! Arm it .. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [work] Integrity of Debian packages
Hi! this is off topic, but in case you've been wondering, too: * Joost Beintema [EMAIL PROTECTED] [20030308 04:47]: Your comment seems to lay blame for 9/11 on the intelligence community. It's fair to say that they had major flaws at that time (and possibly now as well). You could argue that this specific incident could have been prevented if certain measures were in place. Keep in mind, the perpetrators were a determined group that was willing to accept death in the pursuit of their goal. That's a combination that is nearly unstoppable. All I hear is a war-yelling Bush but I haven' heared any good story (from politicians) about the WHY of attacks. economic reasons: - the oil price influences a HUGE part of the economy, having to pay the market price for iraq oil doesn't work - the bush family is a not-so-small player in weapons industry as well as oil industry - deficit/military/government spending is good for the economy (any economist can tell you that) .. the formula: GDP = C+G+I+X-Im (where: GDP == Gross Domestic Product C == Consumption G == Government spending I == Investments X == Exports Im == Imports) .. this very formular also explains tax cuts, the deficit, the hype against foreign products / Imports, etc. - military spending: Irak:~ 20.0% of GDP USA: ~ 5.5% of GDP (!) Germany: ~ 3.5% of GDP .. reasoning goes that a raise of spending for weapons beyond a general percentage is a precursor for war - as it has always been the actual values don't seem to matter much - the fact that the US just have a _huge_ GDP does count a lot .. $400 _billion_ military expenses a year are 'only' 5.5% .. the ~$26 billion offered to turkey are interesting, too. far more interesting are the ~$15 _million_ for post-war refugee help (UNHCR). another question: how could iraq to something decent using its money, considering the sanctions and the interweavement of countries these times? - old ammunition and weapon technologies have to be -uh- put out of service political reasons: - gaining access to he iraq oil fields would lessen the influence of OPEC, thus the oil price - solving the palaestina/israel conflict would compromise israel - disrupting europe unity means keeping relative strength pyschological reasons: - giving in to europe would mean losing face - admiting one was wrong would mean losing face - searching problems everywhere else but at home is far easier than facing reality - powerlessness (e.g. regarding 9/11) of oneself usually results in applying power to others .. just guessing. I'm pretty sure there are more in each category. Count -- Andreas Kotes - ICQ: 3741366 - The views expressed herein are (only) mine. Unser Leben ist das, wozu unser Denken es macht. -- OpenPGP key 0x8F94C228 Our Life is what our thinking makes it.. Your mind is a weapon! Arm it ..
Re: Cryptoswap -- was Re: raw disk access
Hi! * Hubert Chan [EMAIL PROTECTED] [20030115 04:20]: Rolf == Rolf Kutz [EMAIL PROTECTED] writes: Rolf * Quoting Joshua SS Miller ([EMAIL PROTECTED]): Cryptoswap? Hmm sound like something I was thinking about earlier today. Do you have a good resource for this? Rolf http://www.kerneli.org/index.php Do the kerneli modules (officially) work with encrypted swap? I know loop-AES does, but I couldn't find anything about the kerneli (cryptoapi/cryptoloop) modules. (For loop-AES, do a Google search for it.) When encrypting swap, you need to make sure that you don't allocate new memory. Otherwise, it may cause some swapping, which makes you do encryption, which may allocate new memory, ad infinitum. loop-AES takes care of that explicitly, by preallocating memory, but I don't think cryptoapi/cryptoloop does, so you may be taking your chances with it. FUD alert! I like loop-AES, too, and would REALLY love general inclusion into Debian kernels, but this doesn't mean the authors of alternatives are/may be idiots. Please don't spread Fear, Uncertainty and Doubt without referring to facts you're sure of. Leave that to Mickeysoft ;) My EUR 0.02. Count -- Andreas Kotes - ICQ: 3741366 - The views expressed herein are (only) mine. Unser Leben ist das, wozu unser Denken es macht. -- OpenPGP key 0x8F94C228 Our Life is what our thinking makes it.. Your mind is a weapon! Load it .. msg08428/pgp0.pgp Description: PGP signature
Re: Cryptoswap -- was Re: raw disk access
Hi! * Hubert Chan [EMAIL PROTECTED] [20030115 21:33]: Andreas == Andreas Kotes [EMAIL PROTECTED] writes: Andreas FUD alert! I like loop-AES, too, and would REALLY love general Andreas inclusion into Debian kernels, but this doesn't mean the Andreas authors of alternatives are/may be idiots. Andreas Please don't spread Fear, Uncertainty and Doubt without Andreas referring to facts you're sure of. Leave that to Mickeysoft ;) I wasn't trying to spread FUD. See how my first sentence was a question, and my use of I couldn't find [information] and I don't think, all of which are asking for more clarification. [..] If you can point me to an official statement, please let me know. Things to the effect of it works for me don't count, since the issue doesn't seem to be terribly likely to occur. Since you have asked me not to spread FUD without referring to facts, I would ask that you return the same courtesy and not call someone on spreading FUD without referring to facts. have a look at the sourcecode in e.g. http://www.kernel.org/pub/linux/kernel/people/hvr/testing/patch-int-2.4.20.1.bz2 .. the only places where memory allocation occurs at all is during initialization and when using a digest. for a read or write access memory pointers are set up and are passed to the function implementing the cipher algorithm. none of these do any memory allocation at all, but work on existing memory. no need to find a statment saying `the code does what the code says`. Count -- Andreas Kotes - ICQ: 3741366 - The views expressed herein are (only) mine. Unser Leben ist das, wozu unser Denken es macht. -- OpenPGP key 0x8F94C228 Our Life is what our thinking makes it.. Your mind is a weapon! Load it .. msg08432/pgp0.pgp Description: PGP signature
Re: Cryptoswap -- was Re: raw disk access
Hi! * Martin Hermanowski [EMAIL PROTECTED] [20030116 01:18]: On Wed, Jan 15, 2003 at 06:26:32PM -0500, Hubert Chan wrote: Andreas == Andreas Kotes [EMAIL PROTECTED] writes: Andreas patch-int is all of the above combined, for (optional) Andreas compilation into the kernel. That would have been my guess too. BTW, I've also grepped through the cryptoapi and cryptoloop sources, and they seem to be only allocating memory at initialization and in the digest functions too (which would be expected). Yay! I guess I'll be setting up encrypted swap soon! :-) (sure - patch-int is cryptoapi+cryptoloop+ipsec_tunnel - see http://www.kerneli.org/about/) Is it possible to use swsusp and crypto-swap? I'ld say no, because there is no way for the kernel to get the key before swsusp resumes. d'accord. It there any other way to do this? unless you use nvram or an external (cryptographic) token - no (storing it on harddisk would be ridiculously stupid) .. I know of no current implementation, but this could be done using e.g. Java iButtons, SmartCards (e.g. Schlumberger Cryptoflex), USB Tokens and the like. You'd want to authenticate against the USB Token on resume, thou. Count -- Andreas Kotes - ICQ: 3741366 - The views expressed herein are (only) mine. Unser Leben ist das, wozu unser Denken es macht. -- OpenPGP key 0x8F94C228 Our Life is what our thinking makes it.. Your mind is a weapon! Load it .. msg08437/pgp0.pgp Description: PGP signature
Re: Cryptoswap -- was Re: raw disk access
Hi! * Hubert Chan [EMAIL PROTECTED] [20030115 04:20]: Rolf == Rolf Kutz [EMAIL PROTECTED] writes: Rolf * Quoting Joshua SS Miller ([EMAIL PROTECTED]): Cryptoswap? Hmm sound like something I was thinking about earlier today. Do you have a good resource for this? Rolf http://www.kerneli.org/index.php Do the kerneli modules (officially) work with encrypted swap? I know loop-AES does, but I couldn't find anything about the kerneli (cryptoapi/cryptoloop) modules. (For loop-AES, do a Google search for it.) When encrypting swap, you need to make sure that you don't allocate new memory. Otherwise, it may cause some swapping, which makes you do encryption, which may allocate new memory, ad infinitum. loop-AES takes care of that explicitly, by preallocating memory, but I don't think cryptoapi/cryptoloop does, so you may be taking your chances with it. FUD alert! I like loop-AES, too, and would REALLY love general inclusion into Debian kernels, but this doesn't mean the authors of alternatives are/may be idiots. Please don't spread Fear, Uncertainty and Doubt without referring to facts you're sure of. Leave that to Mickeysoft ;) My EUR 0.02. Count -- Andreas Kotes - ICQ: 3741366 - The views expressed herein are (only) mine. Unser Leben ist das, wozu unser Denken es macht. -- OpenPGP key 0x8F94C228 Our Life is what our thinking makes it.. Your mind is a weapon! Load it .. pgpqXXiCyd3oO.pgp Description: PGP signature
Re: Cryptoswap -- was Re: raw disk access
Hi! * Hubert Chan [EMAIL PROTECTED] [20030115 21:33]: Andreas == Andreas Kotes [EMAIL PROTECTED] writes: Andreas FUD alert! I like loop-AES, too, and would REALLY love general Andreas inclusion into Debian kernels, but this doesn't mean the Andreas authors of alternatives are/may be idiots. Andreas Please don't spread Fear, Uncertainty and Doubt without Andreas referring to facts you're sure of. Leave that to Mickeysoft ;) I wasn't trying to spread FUD. See how my first sentence was a question, and my use of I couldn't find [information] and I don't think, all of which are asking for more clarification. [..] If you can point me to an official statement, please let me know. Things to the effect of it works for me don't count, since the issue doesn't seem to be terribly likely to occur. Since you have asked me not to spread FUD without referring to facts, I would ask that you return the same courtesy and not call someone on spreading FUD without referring to facts. have a look at the sourcecode in e.g. http://www.kernel.org/pub/linux/kernel/people/hvr/testing/patch-int-2.4.20.1.bz2 .. the only places where memory allocation occurs at all is during initialization and when using a digest. for a read or write access memory pointers are set up and are passed to the function implementing the cipher algorithm. none of these do any memory allocation at all, but work on existing memory. no need to find a statment saying `the code does what the code says`. Count -- Andreas Kotes - ICQ: 3741366 - The views expressed herein are (only) mine. Unser Leben ist das, wozu unser Denken es macht. -- OpenPGP key 0x8F94C228 Our Life is what our thinking makes it.. Your mind is a weapon! Load it .. pgpNMVLOz1Tly.pgp Description: PGP signature
Re: Cryptoswap -- was Re: raw disk access
Hi! * Hubert Chan [EMAIL PROTECTED] [20030115 22:55]: Andreas == Andreas Kotes [EMAIL PROTECTED] writes: Andreas have a look at the sourcecode in e.g. Andreas http://www.kernel.org/pub/linux/kernel/people/hvr/testing/patch-int-2.4.20.1.bz2 Thanks. I'll take a look at that. If you don't mind clarifying something for me, what is the relationship between patch-int, and cryptoapi and cryptoloop? here's how I understand it: the cryptoapi is the crypto infrastructure for the kernel, including some ciphers .. this code can be used by other stuff, for example cryptoloop (the loopback crypto device implementation) or ipsec_tunnel. all of this can be compiled as a module, and loaded into (almost) any kernel. patch-int is all of the above combined, for (optional) compilation into the kernel. Count -- Andreas Kotes - ICQ: 3741366 - The views expressed herein are (only) mine. Unser Leben ist das, wozu unser Denken es macht. -- OpenPGP key 0x8F94C228 Our Life is what our thinking makes it.. Your mind is a weapon! Load it .. pgplFh24JFeFU.pgp Description: PGP signature
Re: Cryptoswap -- was Re: raw disk access
Hi! * Martin Hermanowski [EMAIL PROTECTED] [20030116 01:18]: On Wed, Jan 15, 2003 at 06:26:32PM -0500, Hubert Chan wrote: Andreas == Andreas Kotes [EMAIL PROTECTED] writes: Andreas patch-int is all of the above combined, for (optional) Andreas compilation into the kernel. That would have been my guess too. BTW, I've also grepped through the cryptoapi and cryptoloop sources, and they seem to be only allocating memory at initialization and in the digest functions too (which would be expected). Yay! I guess I'll be setting up encrypted swap soon! :-) (sure - patch-int is cryptoapi+cryptoloop+ipsec_tunnel - see http://www.kerneli.org/about/) Is it possible to use swsusp and crypto-swap? I'ld say no, because there is no way for the kernel to get the key before swsusp resumes. d'accord. It there any other way to do this? unless you use nvram or an external (cryptographic) token - no (storing it on harddisk would be ridiculously stupid) .. I know of no current implementation, but this could be done using e.g. Java iButtons, SmartCards (e.g. Schlumberger Cryptoflex), USB Tokens and the like. You'd want to authenticate against the USB Token on resume, thou. Count -- Andreas Kotes - ICQ: 3741366 - The views expressed herein are (only) mine. Unser Leben ist das, wozu unser Denken es macht. -- OpenPGP key 0x8F94C228 Our Life is what our thinking makes it.. Your mind is a weapon! Load it .. pgp33I7l32ZAV.pgp Description: PGP signature
Re: How to get the current security updates on CD?
* John Morton [EMAIL PROTECTED] [20030106 23:53]: On Tue, 07 Jan 2003 04:37, [EMAIL PROTECTED] wrote: 2) Set up a private ftp/http mirror of security.debian.org and update the system from there before connecting it to the internet... Yes, this is what I would like to do, but I'm not clear on the mechanics of doing it. Does any Howto describe how to do this? Do I need root access for the mirror site? Where can I find instructions? You could mirror the whole site via ftp or rsync as described elsewhere, but if bandwidth usage and storage space are important to you, I'd recommend the apt-move package as being the easiest way to mirror a specific arch/distro combination. ... or you could use apt-proxy (which gets package lists and caches packages requested at least once on the local disk) and disallow incoming connections before you got your system updated via it. this way, you only download and store packages indeed used by your machines, and only transmit each paket once from security.debian.org to your apt-proxy. in case you're concerned about package integrity, consider using the debsig/debsig-verify packages. just my EUR 0.02 .. Count
Re: XFree86 4.2 bug in Debian Testing
* David Stanaway [EMAIL PROTECTED] [20021110 14:19]: On Fri, 2002-11-08 at 11:42, Joseph Pingenot wrote: xhost is for working with connections coming over tcp. :0.0 uses a named socket (/tmp/Xsomething), and Debian's X servers don't listen in on a tcp socket by default (security. No chance of someone sniffing your password if nobody can connect remotely!). Thus, xhost won't work. Try.. xhost + 'local:*' not much better. this way, you 'only' give local users access to your X-session to open (transparent, event catching, screenshoting) windows and the like, not the hole world .. Count -- Andreas Kotes - ICQ: 3741366 - The views expressed herein are (only) mine. Unser Leben ist das, wozu unser Denken es macht. -- OpenPGP key 0x8F94C228 Our Life is what our thinking makes it.. Your mind is a weapon! Load it .. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: XFree86 4.2 bug in Debian Testing
* David Stanaway [EMAIL PROTECTED] [20021110 14:19]: On Fri, 2002-11-08 at 11:42, Joseph Pingenot wrote: xhost is for working with connections coming over tcp. :0.0 uses a named socket (/tmp/Xsomething), and Debian's X servers don't listen in on a tcp socket by default (security. No chance of someone sniffing your password if nobody can connect remotely!). Thus, xhost won't work. Try.. xhost + 'local:*' not much better. this way, you 'only' give local users access to your X-session to open (transparent, event catching, screenshoting) windows and the like, not the hole world .. Count -- Andreas Kotes - ICQ: 3741366 - The views expressed herein are (only) mine. Unser Leben ist das, wozu unser Denken es macht. -- OpenPGP key 0x8F94C228 Our Life is what our thinking makes it.. Your mind is a weapon! Load it ..
Re: Closing ports...
Hi! * Phillip Hofmeister [EMAIL PROTECTED] [20020915 23:23]: On Sun, 15 Sep 2002 at 06:15:04PM +0200, Markus Grunwald wrote: But I have configured junkbuster to listen only to my network: deny 0.0.0.0/0 permit 192.168.42.0/24 I have never used junkbuster before but I will give you my standard advise I give to anyone securing their machine. Investigate iptables (ipchains in 2.2). This will probably be your best tool in locking down a machine. There are plenty of how-tos out their with pre-made rules. I do not endorse any of them. Instead I combined several of them to make my own rules. I endorse FIAIF (http://fiaif.fugmann.dhs.org/), which handles almost everything I'll ever need, and more to come - the author is responsive and feels responsible about FIAIFs qualitay .. have a look at the feature list, it really helped me getting away from the syntax of iptables / ip to telling the box what I want it to do with whats happing on its 7 interfaces .. ;) Count -- Andreas Kotes - ICQ: 3741366 - The views expressed herein are (only) mine. Unser Leben ist das, wozu unser Denken es macht. -- OpenPGP key 0x8F94C228 Our Life is what our thinking makes it.. Your mind is a weapon! Load it .. pgph97MFCyebC.pgp Description: PGP signature