| |
| |
| |
|
Page: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49
Comments:
<0> john: no idea what the difference is, I just googled knoppix wipe
<1> Garda, so his method would be 30 times /dev/urandom?
<2> dominicano: Have you learned about you problem ? And what was it ?
<3> DESCRIPTION
<3> Overwrite the specified FILE(s) repeatedly, in order to make it harder
<3> for even very expensive hardware probing to recover the data.
<3> sorry, didn't mean to post that much
<0> ma3x: a good wipe utill is better, it will try and get arround little issues like disk caches and whatnot
<4> dvm, yes, it was a bad config in my sources.list file
<0> ma3x: do you want to wipe the whole thing, or just files within a partition?
<5> encrypted partition, encrypted swap ... be happy
<1> ian__, the whole thing!
<5> cryptsetup-luks is neat
<0> ma3x: go for some sort of live distro with a wipe util, the'll all work reasonably well
<6> eeyore: and we were just getting through talking about the FUD where people claim TCPA is a bad thing
<1> eeyore-, does that encrypt the whole partition?
<0> and unless you have some uber1337 top secret nsa haxors after you with a large budget, you should be safe
<5> ma3x: it encrypts any block device, of which a partition is one
<6> things like encrypted filesystems are the sort of thing TCPA is pretty much made to help do
<7> Anyone know if diffie is still an acceptible algorithm?
<8> ma3x: no he had a more sophisticated method
<4> dvm, i thougt i was upgrading to etch, but it wasn't true
<1> ian__, there is 'wipe' for debian too, does it work well?
<8> it was about 35 times i think
<5> ma3x: what makes LUKS cool is the standard partition header, with support for multiple keys, and key revocation
<1> Garda, does he have anything for linux?
<6> not only encrypted, but with TCPA the key would be hardware based, so even having your HD doesn't let them get into it
<0> amarande: what does tcpa do?
<4> dvm, i gonna be away for a couple of minutes
<2> dominicano: Here on the most computers i run here Stable, i only run Testing in virtual computers and on my laptop, So when i have a trouble with it, it's not to dificult to take an other computer. So i have verry changes that i have multiples computers.
<6> ian: pretty much it's a hardware based authentication and crypto chip
<2> dominicano: ok ;-)
<9> you know, if you wanted to get it all done, just shred & wipe
<1> eeyore-, so what happens let's say on boot, it requires you a p*** or something?
<5> Amarande: what about TCPA?
<8> it included combinations of bytes that were random,all zero,all ones and 1010101
<9> if you've got the time :)
<0> amarande: I thought it was about protecting copyrights by going ape-**** to stop hackers
<1> eeyore-, and then when you mount the partition, you see random filenames if not logged in?
<6> controversial because it can be easily used by big content providers to lock out their stuff much more readily than now
<10> ma3x: for a non.-military purposes overwriting 3 times with good random data is enough anyway
<8> but using the normal wipe utility should be ok
<8> in normal mode it uses the gutman method
<6> but basically, in the end, it's just a hardware based authentication and crypto chip
<5> ma3x: you can't mount unless you can decrypt :-p
<0> amarande: whats the point of making it a hardware device?
<0> ma3x: the beauty of encrypted data: without key, it looks random
<10> ian__: so you can't update it in case you have a design flaw :-)
<5> Amarande: don't need no crypto chip ... give me VIA padlock :-)
<8> ma3x: apparently if you have a journaling filesystem it mightn't be perfect cos some data gets journaled
<5> and rijndael
<0> amarande : good idea!
<6> ian: avoids remote software attack
<0> amarande: ah, so it would have open specs?
<6> someone can copy your files, but without the keys from your particular TCPA chip, they can't do anything with it
<5> Amarant: that's "what-you-have". i'd rather have "what-you-know"
<6> ian: IBM claims that TCPA will be fully supportable in Linux, so I ***ume so
<9> Amarande: of course, anyone without a clue is going to have a hell of a time in a hostage situation
<5> Amarande: someone can always get "what-you-have", but you'd have to beat it out of me if you want "what-you-know"
<0> gnea: i handled about 20 hostage situations today
<0> gnea: headshot in most of them!
<5> Gnea: what's why plausible deniability is neat. unfortunately, LUKS screams "look at me! i'm encrypted!"
<6> like I said, the main controversy about TCPA is that it can be easily used to tighten DRM, which is a sensitive spot in the free software community
<9> ian__: uhm, are we on the same page?
<6> well, easily or not so easily, depending
<0> gnea: lol, you were talking about hostage negotiations?
<6> since the unique-machine-identification part isn't really stable enough for it to be used on its own for DRM
<11> I've got madwifi-ng installed as a module in 2.6.12, and everything is working, but I want to share my connection with a WinXP machine via ethernet. So far I've ***umed this could be accomplished with a bridge, but I can't find any good docs on Google. Any pointers?
<9> ian__: not necessarily with people involved
<12> sorry to bother all but I having trouble with the debian way of kernel compiling as I am getting an error. I would really appreciate any help you could give
<0> gnea: right.
<0> I'm out, got my server working again, thanks all!
<6> but basically, TCPA is about the owner of a given piece of data being able to encrypt it and control access to it as they will, regardless of what computer that data ends up on eventually
<12> error = 'Failed to find suitable ramdisk generation tool for kernel version 2 .6.15.2 on running kernel 2.6.12-1-686 in /usr/sbin/mkinitrd /usr/sb
<0> amarande; sounds bad.... very bad
<13> gl1tchy0ne : try 'apt-get install initrd-tools'
<5> very nice case for mini-itx, but way too extravagant for me :-p http://www.logicsupply.com/product_info.php/cPath/23_62/products_id/500
<6> whether this is a good or a bad thing tends to depend on how much data you really want to keep private, versus how much big corporate media data you want to view/listen to
<13> gl1tchy0ne : brb (coffee)
<0> If I want to keep data private, I control access, i don't use tcpa
<0> much simpler
<6> ian: the purpose of TCPA is to keep your data private in case someone breaks your access controls
<10> Amarande: as far as my impression goes TCPA is just for being able to sell pieces of data (be it software, music or movies) and the owner being able to controll access to it on MY box .. and i considder that a pretty bad thing
<5> ian__: anything that comes out of a committee where microsoft is a participant is *probably* not a good thing
<6> e.g., if someone roots your box, they won't be able to get at all your site p***words or credit card numbers or whatever
<6> this is why you need a hardware component
<10> Amarande: and ? it's MY data .. so I want to be the one in control
<0> amarande: yeah, once I buy something, I want to have access to it
<6> because if you just, say, used GPG on those files
<5> Amarande: why do you need "hardware"?
<6> they could grab your GPG keyring and do a dictionary attack for the p***phrase
<1> let's say to wipe one hard disk of 100 GB with gutman's method (35 times), how long will you need, 5 days?
<0> amarande: like music, once I buy it, I want access form xmms, not just itunes or napster or whatever bs app is allowed to open it
<5> Amarande: so why can't i desolder the chip?
<10> Amarande: and if i didn't screw up making up a p***phrase they will do so untill the end of the universe without succeeding
<6> eeyore-: it's not mandatory by any means to actually use TCPA. old stuff will still run fine
<6> but some new applications may require that you have it
<6> or they just, well, won't run
<6> and the protected data will just show up as a "glob of data" that the computer can't use
<5> Amarande: my p***phrase is about 60 characters long
<2> It's not really clear for my wy there are so many 'vim' alternatives. Like 'vim-gtk', 'vim-python'. What are the diferences ?
<5> dvm: vim-gtk = has gtk support. vim-python = has python interpreter support
<10> Amarande: TCPA isn't for ME controlling what happens on MY computer .. i can do that already pretty well. it's for SOMEONE ELSE controlling stuff on MY box ^^
<5> dvm: one drawback of a binary package system ... lots of combinations, if you want to get all possible combinations
<2> eeyore-: So 'vim-full' has all the features ?
<6> fireba11: also for YOU controlling stuff on SOMEONE ELSE's box, such as if your encrypted data gets stolen in some way or other
<5> dvm: or, try to use modules, but that might mean more work for things that aren't coded modularly
<6> as I said, the idea is to be able to keep your data secure even if it leaves your PC
<5> Amarande: i fail to see how that differs materially with dm-crypt, or any other crypto package
<10> Amarande: if i know what i'm doing my important data won't get stolen. i don't want to controll stuff on someone elses PC and i'll hack their hands off if they try to do that on mine
<2> eeyore-: I whas thinking to install the 'vim-python' support or the full if this give more features
<14> are any of you using newsreaders for any of the debian- articles?
<15> what tools (how) should I use to insert a line of text after specific marker in a config file, from shell script?
<6> TCPA can also allow for remote authentication of a computer
<5> Amarant: so can ssh
<5> Amarant: or kerberos
<5> Amarande: and others
<12> sorry to bother all but I having trouble with the debian way of kernel compiling as I am getting an error. I would really appreciate any help you could give
<12> error = 'Failed to find suitable ramdisk generation tool for kernel version 2 .6.15.2 on running kernel 2.6.12-1-686 in /usr/sbin/mkinitrd'
<5> gl1tchy0ne: install initramfs something or other
<6> I know some people who distribute their stuff freely and still might appreciate being able to use TCPA
<6> like for instance FAQ writers for games
<5> night
<6> all too many of those people have problems with people/sites who plagiarize their work and p*** it off as their own
<15> gl1tchy0ne: my box has yaird installed for that
<2> So it's better then to install 'vim-full' to have all the support ? It's more to use for write Python code and so on my old P1 and use vi *** main texteditor. I try to install it and it looks that it not take to many space.
<12> gilead: yeah cause VFS isnt there aynmore
<2> s/***/as
<15> Amarande: it's not a matter of convenience but freedom and long-term data accessibility (see The Death Of Culture on groklaw recently for one of many articles about it)
<12> I installed the initramfs-tools and it installed now
<12> I hope that it actually boots this time
<2> So i was searching for a graphical version of vi :-), that help me sometime to remember the vi commands ;-)
<12> I have only ever compiled using the old method
<12> cause I used slackware
<16> dvm: try a vim cheet sheet
<15> gl1tchy0ne: you can still use kernel compiled 'using the old method' (w/o ramdisk) on Debian too
<16> sorry a vi cheat sheet
<17> if you lose the root p***wd for a system, is there a way to reset it with an init 1?
<12> gilead: yeah just thought I would try the "debian" way cause it seems so slick
<2> konfuzed: sorry i not understand it also :-/
<16> kreg_work: yes there is
<2> konfuzed: What is it ?
<17> konfuzed, do you p*** an init 1 request at lilo?
<18> kreg_work: /msg dpkg i forgot root's p***word
<12> well thanks for the help with any luck I will be back with the new kernel... it was giving me error's on boot about VFS and this should fix the issue
<12> I hope...
<16> oh yeah init=/bin/bash I believe
<16> init 1 might go to single user mode but you will still be challenged for the p***word
<16> i had a link from the other day ;^)
<2> konfuzed: Can you point me to some docs or explain me a little bit what vim cheat cheat are ?
<17> one of the steps is to 'fsck' your filesystem. but how can i do that if i have / mounted. isn't that destructive?
Return to
#debian
or
Go to some related
logs:
#linuxhelp
#python
VMware Tools for ubuntu
t/fileline ok 7/11FAILED
how does update-static-leases work
mysql select uniq
ubuntu hamachi wpa_supplicant
#fedora
vnc4server amd64
feh ERROR: couldn't load image in order to set bg
|
|