Bob Warren wrote:

> In my last post, I recommended a short article of simple, practical
> (layman's) advice for those considering the possibility of trying Linux
> (or my favourite, Ubuntu) and Rev/Linux 2.6.1 for the first time.
>
> It has now been properly presented, and you can view it at the following
> URL if you are interested:
>
> http://www.howsoft.com/runrev/installing_ubuntu_or_other_linuxes.htm

Richard Gaskin wrote:

Thanks for that, Bob. One thing I love about Ubuntu, and which bodes well for its broad adoption, is that they have probably the easiest, most convenient, one-CD-image install I've seen. Your article makes it even easier. Good work.


> There is one other simple piece of advice I would like to offer in
> addition to that given in the article. After downloading ISO files from
> Ubuntu or any other source, CHECK THE BYTE COUNT IS CORRECT before
> burning your CD or attempting to install.

Providing checksums seems a relatively common practice these days, but it raises a question: if a hacker can replace the download, what's to prevent them from also replacing the checksum string?

I've had a few customers from large organizations ask me to provide a checksum for WebMerge, and when I've asked them that question they've had no answer. Any insight into what I'm overlooking on this would be appreciated.

---------------------------------------------------

Thank you, and you're welcome. Any flashes of insight will be immediately transmitted.

In general terms, perhaps the reliability of the source of the download is the main defence. I've never thought of a checksum as being anything other than a guide to the reliability of the download. In fact, I know absolutely nothing about checksums nowadays, but thinking back to about 35 years ago when I used to work professionally in the computer field, I remember that a checksum was far more than a simple byte count. If the checksum of the file in one's possession did not correspond to the checksum at the source, then it had been altered in some way. So for example, two different files with the same byte counts could certainly be distinguished by their checksums.

The most important thing is that the CHECKSUM itself (i.e. a pure number) should be received from a reliable source: the file can therefore be put in the hands of a potentially UNreliable source.

But how does one view or calculate the checksum of a file anyway? I don't even know how to do that. It must depend on the TYPE of checksum, i.e. the algorithm used to calculate it. The algorithm needs to guarantee that a unique number is produced for the file, and if a single byte is replaced, the checksum is different. You can probably invent your own algorithm which produces a private style of checksum. Whatever, it remains that the number itself needs to be received from a reliable source, otherwise, nothing doing.

If the calculated checksum of the file does not correspond to the number you have been given independently, then it has been hacked. I think that the answer to your question is that if you do not protect your information about this precious little number and provide a reliable source for transmitting it to the person who is going to receive the file, there is no way you can protect your file, wherever it is.

I've deliberately let myself rave on like a lunatic, talking a lot of rubbish. Such things can sometimes provoke the creative flash of insight you are looking for.

Bob

_______________________________________________
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution
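
Added example (not part of the original thread): a Python sketch of the two points discussed above, that a byte count cannot distinguish two same-sized files while a checksum can, and that a checksum only helps when it is obtained separately from the download. SHA-256 is an assumption, since the thread names no algorithm; the function names and the sample data are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so a large ISO image need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_download(path, expected_size, expected_sha256):
    """Return (size_ok, hash_ok) for a file checked against the supplied reference values."""
    size_ok = os.path.getsize(path) == expected_size
    actual = sha256_file(path)
    hash_ok = hmac.compare_digest(actual, expected_sha256.strip().lower())
    return size_ok, hash_ok


def demo():
    # Constructed sample data standing in for an ISO image; not a real release.
    genuine = b"constructed-iso-image-" + b"A" * 4096
    tampered = b"constructed-iso-image-" + b"A" * 4095 + b"B"  # same length, one byte changed
    # Assumption: the publisher's checksum reaches the user over a separate, trusted channel.
    trusted_sha = hashlib.sha256(genuine).hexdigest()
    # Checksum file sitting next to the download, replaced together with it.
    mirror_sha = hashlib.sha256(tampered).hexdigest()

    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "download.iso")
        with open(path, "wb") as fh:
            fh.write(tampered)
        return {
            "against_trusted": verify_download(path, len(genuine), trusted_sha),
            "against_mirror": verify_download(path, len(genuine), mirror_sha),
        }


if __name__ == "__main__":
    for source, (size_ok, hash_ok) in demo().items():
        print(f"{source}: size_ok={size_ok} hash_ok={hash_ok}")
```

The altered file passes the byte-count check in both cases; it fails the hash check only when the reference value came from the separate channel.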
