Forgot your password?
typodupeerror

Comment: Re:Expect a FISA or PRISM notice in... (Score 3, Informative) 270

by WaywardGeek (#47950583) Attached to: TrueCrypt Gets a New Life, New Name

Some people post warrat canaries, but I stopped. Our current defense strategy is having developers around the world. Also, we have weekly voice meetings that are hard to fake, and enable us to know we're dealing with the same person each week.

Personally, I've boning up on skills for finding weaknesses in crypto code. I just did a 2-week marathon of being a huge a-hole over at the Password Hashing Competition. Telling people why you think their algorithms are not secure does not make you popular, but I have to admit it was fun. Applying the same sort of analysis to TrueCrypt makes me want to set my hair on fire.

TrueCrypt's saving grace is that it is not an on-line app. Even in the first "rebranding" release, we're removing it's tendency to ping the Internet whenever you click on a help button. If an attacker could hack the volume data, for example, he'd totally pwn TrueCrypt. But... in that case, he already owns you most likely.

Comment: Re:GIMP, Ubuntu, Xfce (Score 1) 270

by WaywardGeek (#47950471) Attached to: TrueCrypt Gets a New Life, New Name

I totally agree with your list, which means you are better than most of us geeks at picking, or at least evaluating names. I would love an alternative to CipherShed. I bet you could help here. Can you think of better names.

I like the name password-hashing entry in the PHC called OmegaCrypt. I was considering contacting the author, Brandon, to see if he'd let us use it. Some people on the CipherShed project don't want either True or Crypt in the name, partly for fear of trade-mark dispute, and partly to show that we're doing an honest clean fork, with an intent to rewrite it all under a popular FOSS license (the latest BSD license is currently the leading condender).

Comment: Re:Like LAME (Score 2) 270

by WaywardGeek (#47950443) Attached to: TrueCrypt Gets a New Life, New Name

Infringement has a lot to do with who you're pissing off. I this case, I am not so worried about the original TrueCrypt team. These guys did a ton of work for years, almost for free, because they thought the world needed it. Well, the world still needs it, and we have some new volunteers (but need more!). The E4M owner has some gripes about use of E4M licensed code in the tool. I think we need to focus on the E4M code and get it out of there ASAP. We can then take some more time to redo the whole GUI and everything else.

Comment: Re:"CipherShed" (Score 4, Informative) 270

by WaywardGeek (#47950405) Attached to: TrueCrypt Gets a New Life, New Name

So, I'm invovled in the CipherShed project. In fact, I bought the domain originally when Niklas suggested it. I also bought FalseCrypt :-)

This thread is actually very helpful. I've been very concerned that we need to pick a better name. The unfortunate truth is that we geeks totally suck at picking name!

RealCrypt is excellent, IMO. That's why the RealCrypt fork of TrueCrypt exists :-) It's a Fedora-packaged fork that drops all the Windows stuff. There's also a VeraCrypt fork. OpenCrypt.net was offered to us by the owner, which is very generous, but there is an OpenCrypt already, which oddly enough has to do with encryption rather than vampires.

Please keep picking on the name, and suggesting alternatives! If someone here provides one, I'll try to have it adopted. We *barely* still have time to make a name change.

Comment: Re:Torvalds is true to form.... (Score 3, Interesting) 727

by WaywardGeek (#47715021) Attached to: Linus Torvalds: 'I Still Want the Desktop'

It's GNU/Linux's fault. Android, still based on Linux, could likely win the desktop if Google got their act together and stopped pushing ChromeOS. Notice how my binary applications run on *very* many Android devices without recompilation, even when I write in C using the NDK. Notice how Android does not introduce bugs in my applications by swapping in a buggy shared library which I never tested. Notice how nearly impossible it is to publish a GNU/Linux app in comparison. In one case, you just publish your app to Google and wait a day or so. Notice how my app simply installs in a comparitavely secure jailed directory rather than having to disperse crap all over the file system. For Linux, you need to write and test different and binary incompatible installatoin packages for RedHat, Arch, Debian, Suse, then wait a few years for your package to be accepted and migrate from unstable to testing to stable, and even then you don't run everywhere.

Just freaking stupid.... year of the GNU/Linux Desktop my butt!

On a completely unrelated note, WTF is up with the new slashdot site? I had the newly dumbed-down ads disabled with a check-box. The check box is gone, and the ads are back, and dumber than ever! I miss the days of Barracuda ads that made sense on slashdot. The new ones aren't targeted at geeks at all.

Comment: Linux could own the desktop... (Score 4, Interesting) 727

by WaywardGeek (#47714827) Attached to: Linus Torvalds: 'I Still Want the Desktop'

All Google has to do is dump that stupid steaming pile called ChromeOS, and admit that Android wins. A desktop customized version of Android (complete with a real desktop) is still based on Linux (at least Google's fork of it), already has hundreds of thousands of apps, and could be better in nearly every way than Windows or Mac OS-X in 2 years, IMO.

The other broken OS, GNU/Linux, needs a major overhaul before it will ever be popular among anyone but geeks who are willing to accept that their OS is hostile to sharing new apps, or too blinded by fan-boy-ism to notice. I write this from my Ubuntu laptop, where my code contributions are far lower than Android or even Windows, even though I put in most of my effort here. It's just easier to publish an Android app. It's even easier to publish software for Windows. If Mark Shuttleworth were just a bit smarter, I think he'd realize he needs to abandon managing .deb packages and start this whole mess over based on a more git-like aproach. He's done a lot in that direction - user PPAs for example, but it's still not there. No RPM or .deb based Linux OS will ever become the basis for the Year of the Linux Desktop.

Comment: GPL is about User/Owner Freedoms (Score 1) 117

by WaywardGeek (#47714607) Attached to: Qt Upgrades From LGPLv2.1 to LGPLv3

The funny thing here is that Digia is still going to support Tivoization, but customers will have to pay for it! I suppose that's better than letting hardware manufacturers Tivoize their hardware for free, but this is the first time I have ever seen anyone upgrade their GPL license simply to force customers to pay more. It seems wrong somehow...

Comment: Re:Differences between 7.1a and 7.2a (Score 4, Interesting) 146

by WaywardGeek (#47207853) Attached to: Auditors Release Verified Repositories of TrueCrypt

7.2 was stripped of encryption functions. Even if it was without bugs, what good is it? Not to mention the weird way they walked away from their software.

It really was weird. Here's my new theory:

These guys released their best version ever, 7.1a, in Febuary 2012. They had a party, said goodbye, and moved on with their lives. Everyone assumed that since it's open source, some new guys would come along to take over the project. Instead, for two years, there were no security updates, and no credible fork. TrueCrypt was languishing. One of the developers decided to force the world to take action. He pulled that amazing stunt, complete with recommending everyone use Microsoft BitLocker. Now he's kicking back with a beer and watching the world go nuts. It's like kicking an ant hill.

Did it work? You bet! A bunch of geeks like me said, "I want to help!" A couple of Swiss Pirate Party dudes said, "We'll lead the effort", and before the weekend was over, they had thousands of offers for help. True to the Pirate Party spirit, they even pirated the TrueCrypt name: truecrypt.ch. Also true to the Pirate Party spirit, they don't really know how to organize a team of geeks to work together in a common direction. So, I said "Follow me!" on the forum, and signed up geeks as fast as I could at the site that became CipherShed.org. Now they're self-organizing like some sort of slime mold, creating order out of chaos. It's really fascinating to watch! I hope the original authors are enjoying the drama :-) At this point, I think the new team is going to do amazing things.

Comment: Re:7.1a for x64 linux (Score 4, Informative) 146

by WaywardGeek (#47207683) Attached to: Auditors Release Verified Repositories of TrueCrypt

I believe I read about this guy on slashdot a year-ish ago. He verified the Windows binary comes from the official source. I replicated most of his steps, until I became a believer. It is the actual source used to compile the 7.1a binary.

Now, if you're afraid of back-doors, be afraid of what is already in the official source, all 110K+ lines of it.

As the trials of life continue to take their toll, remember that there is always a future in Computer Maintenance. -- National Lampoon, "Deteriorata"

Working...