Re: #eFail is #reFail
Am 15. May, 2018 schwätzte Herminio Hernandez, Jr. so: moin moin, Any thought on this response from the GnuPG https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html Here's a timeline of GnuPG's interaction with the Efail group starting in November. https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060320.html The EFF is pointing out that while your client might be safe, your message might not due to the other person's mail client. While you may not be directly affected, the other participants in your encrypted conversations are likely to be. For this attack, it isn’t important whether the sender or the receiver of the original secret message is targeted. This is because a PGP message is encrypted to both of their keys. https://www.eff.org/deeplinks/2018/05/not-so-pretty-what-you-need-know-about-e-fail-and-pgp-flaw-0 Not sure how the EFF has data to suggest that most people who actively use OpenPGP to encrypt messages are also using susceptible clients with bad configurations... The suggestion of using offline decryption tools for PGP doesn't fix that problem any more than getting people to use safe email clients with safe configurations. I will agree that many people will want insecure convenience features. Let's use the list from mailpile. https://www.mailpile.is/blog/2018-05-14_PGP_Security_Alert.html 1. Mailpile does not display HTML content by default 2. Before displaying HTML, Mailpile cleans up malformed and incomplete tags. 3. When displaying HTML, Mailpile does not load remote content by default. 4. Mailpile respects the GnuPG error messages which warn of invalid data. 5. Mailpile never sends auto-replies to incoming mail. I predict most people aren't going to stop using HTML email. If they were really serious about security they would already be avoiding HTML email. Mail clients should be doing 2, 4 and 5. Those greatly reduce the danger of 1. 3 should be the default, but some people likely want remote content to just work. There should definitely be a configuration option to do forbid loading remote content without user interaction. Can there be a configuration option to disable HTML and remote content loading for OpenPGP encrypted emails? Additionally, email clients should not allow JavaScript. ciao, der.hans On Mon, May 14, 2018 at 9:21 PM, Matthew Crews wrote: Never been a fan of HTML emails anyway. Its too bad that most websites that have email communications insist on emailing you with HTML. --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss -- # https://www.LuftHans.com https://www.PhxLinux.org # "It is a miracle that curiosity survives formal education." # -- Albert Einstein --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: #eFail is #reFail
Any thought on this response from the GnuPG https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html On Mon, May 14, 2018 at 9:21 PM, Matthew Crews wrote: > Never been a fan of HTML emails anyway. Its too bad that most websites > that have email communications insist on emailing you with HTML. > --- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > http://lists.phxlinux.org/mailman/listinfo/plug-discuss > --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: Laptop for compiling.
I recall my first kernel compile on an 8 way opteron dual core system. with its 64 GB of ram. the first one was fast. the second one was ludicrous when all the options were enabled correctly. On Tue, May 15, 2018 at 11:07 AM, Matt Graham wrote: > On 2018-05-15 08:04, techli...@phpcoderusa.com wrote: > >> Back in the day about 23 years ago I had a friend who wrote >> custom desktop software written in C. I think he told me his C program >> would take an hour or more to compile. Back then he was running an >> Intel CPU running at (I hope I get this right) 133MHz with maybe 4M of >> RAM. That was state of the art back then. >> >> I wondering what compile times might look like on modern hardware? >> > > For that particular program, much faster. If it'd even compile. A 2.2.10 > Linux kernel compiled in ~20 minutes on a P150 with 32M in 1999. > Curiously, it's about 19 minutes for "make clean && make bzImage modules" > on a 4.11 kernel on a 4-core 3.2Ghz machine with 8G, but then the number of > device drivers has gone way, way up in 19 years. More RAM up to a point > usually increases compilation speed the fastest. > > -- > Crow202 Blog: http://crow202.org/wordpress > There is no Darkness in Eternity > But only Light too dim for us to see. > > --- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > http://lists.phxlinux.org/mailman/listinfo/plug-discuss > -- A mouse trap, placed on top of your alarm clock, will prevent you from rolling over and going back to sleep after you hit the snooze button. Stephen --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: Laptop for compiling.
On 2018-05-15 08:04, techli...@phpcoderusa.com wrote: Back in the day about 23 years ago I had a friend who wrote custom desktop software written in C. I think he told me his C program would take an hour or more to compile. Back then he was running an Intel CPU running at (I hope I get this right) 133MHz with maybe 4M of RAM. That was state of the art back then. I wondering what compile times might look like on modern hardware? For that particular program, much faster. If it'd even compile. A 2.2.10 Linux kernel compiled in ~20 minutes on a P150 with 32M in 1999. Curiously, it's about 19 minutes for "make clean && make bzImage modules" on a 4.11 kernel on a 4-core 3.2Ghz machine with 8G, but then the number of device drivers has gone way, way up in 19 years. More RAM up to a point usually increases compilation speed the fastest. -- Crow202 Blog: http://crow202.org/wordpress There is no Darkness in Eternity But only Light too dim for us to see. --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: Laptop for compiling.
Back in the day about 23 years ago I had a friend who wrote custom desktop software written in C. I think he told me his C program would take an hour or more to compile. Back then he was running an Intel CPU running at (I hope I get this right) 133MHz with maybe 4M of RAM. That was state of the art back then. I wondering what compile times might look like on modern hardware? On 2018-05-11 23:05, trent shipley wrote: > I'm thinking about getting a new laptop. Mine is several years old, and while > it's quite serviceable, it boots really slowly, and it doesn't like to run a > guest Ubuntu OS under Oracle VirtualBox. Also, I foresee more compiling in my > future, even though of late I've been rather truant about working on my own > through my Haskell book. I will say no more about the R book. I don't game, > because it is addicting, and therefore bad for me. > > I tend to try to get as much life as possible out of a computer, because I am > poor. I have heard good things about ASUS. I see more Linux in my future, but > I have to have Windows and since Windows tends to come preinstalled, I expect > it would be my native, host OS. > > I'd like to spend $500, but could (and probably will) stretch to $700. > > What could I expect to get for that, and what would you suggest. > > Trent. > --- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > http://lists.phxlinux.org/mailman/listinfo/plug-discuss--- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
