CNN On Story on GnuPG 1.0 189
Dan Schleifer writes "Good to see that main-stream media has picked up on the release of GnuPG 1.0, and run a story on it. This is an especially GoodThing(tm) as, it's not just free software, but free encryption software that says: 'Haha, you silly little export regulations...' " Several nitpicky errors that I'm sure most of you will notice, but all in all great to see the mainstream reporting on this, and starting to hit the issue of privacy exportation, if only skimming the surface.
Re:It's a good thing to snub your nose at America (Score:1)
Look for the wire cutters in the near future. It's not "for the children," it's for a 4000 year old legacy of ethical behavior that can't just be switched off because someone thinks they have a keeno electronic gizmo to replace it with.
Re:wake-up call (Score:1)
Can we relate it to "the children" in some way?
Actually (Score:1)
Re:Question (Score:1)
Yes, there has been at least one case where someone left the US to work on encryption. Vince Cate renounced his US citizenship [www.efc.ca] and moved to Anguilla.
(I think this was a Slashdot story a while back, but it's much faster if I don't have to search the /. archives....)
Contradictory? (Score:1)
Re:Actually, I think it's 4096...? (Score:1)
    else if( nbits > 4096 ) {
        /* GnuPG can handle much larger sizes; but it takes an eternity
         * to create such a key (but less than the time the Sirius
         * Computer Corporation needs to process one of the usual
         * complaints) and {de,en}cryption although needs some time.
         * So, before you complain about this limitation, I suggest that
         * you start a discussion with Marvin about this theme and then
         * do whatever you want. */
        tty_printf(_("keysize too large; %d is largest value allowed.\n"),
Re:Won't Linux be pissed (Score:1)
Re:What's needed now is... (Score:1)
Of course, I'm using Netscape Mail right now, so I bet pretty much anything would be an improvement..
I read somewhere that you can build plugins for Netscape mail in Java... anyone know anything about this?
Re:scp is no ftp replacement (Score:1)
-----------
Re:Exportable Mozilla with GPG (Score:1)
Re:Hmm...... (Score:1)
...phil
Re:Big enough Beowulf clusters can solve anything (Score:1)
...phil
Re:Exportable Mozilla with GPG (Score:1)
Can't do it. The laws say that not only can't you have encryption, you can't even have any hooks that can be used for encryption.
So you have generic hooks. A hook to apply some plug-in to a mail message before it is sent. Your standard distribution contains plug-ins to pass your mail through a spell-checker, grammar-checker, whatever, and you leave those sneaky for'ners to come up with a GPG plug-in. Easy!
Re:Won't Linux be pissed (Score:1)
Re:What's needed now is... (Score:1)
--
Writing Letters on Postcards... (Score:1)
Actually, I put my letters in envelopes for reasons completely unrelated to security--I don't want them being soiled or becoming illegible because of moisture, etc. The envelope is simply protection from accidental damage.
An envelope will not keep other people from reading my postal mail! Have you ever tried opening one of those things? I open dozens a week, and I've become so good with them that it takes me hardly a second to get one open.
--
Re:export regs may not allow USA based peer review (Score:1)
First of all, GPG can be legally exported from its home, Germany, into any country, including the US. It cannot be re-exported from the US. It can never be put on a US FTP server, for example.
Now if the program gets contaminated with a US-written patch, nothing changes. It is still legally exportable from Germany. The writer of the patch may be thrown in jail as an illegal arms dealer, but I wouldn't bet on it.
--
Re:What's needed now is... MH! (Score:1)
If you used the most flexible mua in the world, namely mh, then you could easily write a simple script that would add seamless support for gpg, such as I did one afternoon.
No, you must use your monolithic mua which makes it hard to add features. Otherwise, you're too lazy to hack the source to add the feature yourself.
Re:What's needed now is... (Score:1)
Daniel
Re:Hmm...... (Score:1)
Daniel
Re:b (Score:1)
Unless you're talking about just the weakest level, of course. But that's no challenge -- it's already been done, although for RSA rather than ElGamal.
-Billy
Re:"Current Factoring Technology" (Score:1)
However, quantum computing is NOT just a way to make more powerful computers; it's a completely different way of working, and to my understanding, although it's solved the factoring problem (or at least there's an algorithm for it), that doesn't mean that it's solved the discrete log problem used in ElGamal.
Solving the DL problem would also solve the factoring problem, but not the other way around.
Now, one thing I don't know: have they solved the DL problem using quantum computing? I have no idea.
-Billy
Re:wake-up call (Score:1)
I'm glad we don't have a democracy -- and I hope we never move any closer to one than we are. Democracy makes the fatally flawed assumption that the will of the masses outweighs the rights of any.
-Billy
Re:What's needed now is... (Score:1)
-Billy
Re:Question (Score:1)
-Billy
Re:Exportable Mozilla with GPG (Score:1)
It's not entirely sucksville if you live in the US. But most of it is still sucksville.
Joseph Elwell.
Re:What's needed now is... (Score:1)
AFAIK, mutt [mutt.org] has gpg integration. Dunno exactly how it works, but I'm told it's there. At least that's what somebody told me the last time he tried to convert me from pine. :P
Re:GNU at its Best (Score:1)
Clarification: It has no export restrictions because it was developed outside the United States, NOT because it is open-sourced.
Re:GNU at its Best (Score:1)
PGP is free. They gave the source out. Still do for the old (2.6.2 and older) versions. Dunno what effect the RSAREF licensing has on that, though.
Re:It's not obscure, so why don't we push that par (Score:1)
Somebody already did. [slashdot.org]
Re:Is an "easy" explanation of encryption availabl (Score:1)
>postcards.
You misspelled "idiots".
>They don't have any illusion that what they write
>is secret, of course.
>Most people don't write that many secret
>messages.
That is a meaningless argument. What if those
messages that *are* encrypted *must* be encrypted?
What if it's a patient discussing an AIDS
treatment with their doctor, or a manager
discussing a classified manufacturing method with
his or her employees? You may not need to use
encryption much, but when you do, you *really*
need it.
>Guess what? If you use encryption, you're likely
>to be watched. Those of us who don't (most of us)
>will be less watched.
Being watched doesn't bother me. What's important to
me is that casual observers not read *my* private
email. I like my privacy. My god! I must be a
terrorist or a child pornographer or a communist
or something!
>Wave that red flag, boys. Wave that red flag.
Keep writing on postcards, boys. Keep writing on postcards.
Re:GNU at its Best (Score:1)
Re:Not stupid at all... (Score:1)
I'm in Europe, using the insecure ('export-grade') version of IE5. At other times, I use insecure Netscape 4.61. So does everybody else - very few people can be bothered to hand-edit the Netscape binary to enable encryption. Heck, most users don't even understand what key length is.
The export regulations make it inconvenient for most users to get strong crypto. And if something is inconvenient, most people won't use it. The laws may not stop those who know what they are doing, and are prepared to take security seriously, but there are still lots of easily-tappable, interesting communications out there.
GNUPG has business uses (Score:1)
I mentioned the (then upcoming) command-line version of PGP, but also GNUPG.
S/MIME has a good architecture, but the business versions of PGP also have good key management and other features intended for business users.
And as far as "real world" use, S/MIME is new and has announced support from vendors, but on the Internet "email encryption" and "PGP" are all but synonymous. Recent versions of PGP integrate well with the most popular Windows mail clients (except Netscape Messenger). It also features clipboard integration with any other text-processing application.
Re:Exportable Mozilla with GPG (Score:1)
Yes, I know this is stupid, but there's no way a company is going to do this, when the very thing it wants is to remove the encryption restriction altogether. It's simple politics...
And if you think this sucks, welcome to the real world... This isn't software, it's not logical, it's life...
Re:Poit..? (Score:1)
You big goober! You missed the joke completely. Gonwyn deliberately misused 'Linux' in place of 'Linus.'
--
A host is a host from coast to coast...
Re:Poit..? (Score:1)
--
A host is a host from coast to coast...
Re:What's needed now is... (Score:1)
Re:Mozilla! (Score:1)
The USA is not the only country in the world. If GNUpg is integrated outside of the USA (or other country with crypto export regulations) then it just needs to be imported into those countries, not exported from them. So only import regulations need be a problem, not export ones.
Re:Not stupid at all... (Score:1)
Re:export regs may not allow USA based peer review (Score:1)
scp is no ftp replacement (Score:1)
Re:Exportable Mozilla with GPG (Score:1)
Any computer has "hooks" that can be used for this purpose, and therefore should be illegal to export. Consider that you can take an email program, and patch in encryption hooks with a debugger if you have to. That means the program has hooks in it because it has places where you can patch in the encryption code.
Ok, now that we can see how silly and unenforceable the "no hooks" policy is (as long as you don't put in hooks that are specifically for encryption everything should be all right), let's consider how our encryption program could hook itself into mozilla. Hmm, remember, Mozilla is all held together with scripty-goo, and consists to a large extent of dynamically loaded modules. There's a way, for sure, and even an elegant way that fits nicely with the Mozilla architecture. Or, maybe there should be a law that browsers with scriptable components are illegal to export?
--
Re:Poit..? (Score:1)
I once read an article in a local newspaper that was talking about Web design and mentioned HTML as being a programming language.
The sad thing is that to most people HTML is a programming language. Remember we live in a society where most people's solution to the blinking 12:00 on a VCR is to cover it with electrical tape.
Re:Won't Linux be pissed (Score:1)
---
Re:Rights are not revokable! (Score:1)
2) Governments can make any laws, grant any "privileges" they want.
What the Declaration of Independence was saying is that it is a "Human" right, not a legal one, to be free. That can never be actually taken away from you. On the other hand things like life, liberty, and any hope of happiness CAN be taken away by the Government.
Freedom tends to be more of a privilege granted by your Government, rather than an actual right. If some Government decides to come to your house, take you away and throw you in jail forever, are you still free? Where are your "inalienable" rights then?
Re:Ah, ignorance.. (Score:1)
I happen to be a US citizen as well, in fact I was just Honorably Discharged from the US Military. I just believe that freedom and privacy have been thrown into the crapper. True to our Constitution this gaping atrocity has been committed by none other than our own people. The average Joe would sell his soul to have his wife, 2 car garage, 2 1/2 children and the closest thing to world politics would be the World Cup Soccer Tourney.
My $0.02 US
Re:Somebody give RMS a Valium! (Score:1)
Re:What kind of troll is this..? (Score:1)
Re:What else is needed? (Score:1)
communication software, it would be nice to
integrate it fully with Mozilla and other
browsers (konqueror, opera, lynx etc.) as well as
with collaboration tools (cvs, lotus notes and
whatever OS/FS clones there are of it, etc.).
On second thought, Apache integration may be
more important, because it'd be nice to serve
encrypted pages, then there'd be a market for
encryption capable browsers.
Disclaimer: I do not know to what extent any of
this has been done.
Re:Contradictory? (Score:1)
1. Open source doesn't mean open life. It's not contradictory to write open source software but not publish your credit card numbers
2. Ideal society != (all members are ideal)
Destructive people have always been with us. There will always be people who want more than what they are entitled to, and don't care if they hurt others to get it. Hence, we protect ourselves and we spend less time destroying those people.
Re:What's needed now is... (Score:1)
Re:Somebody give RMS a Valium! (Score:1)
> You can't just pull down your pants and shake your willy in public because you don't like public nudity laws. Or, rather, you can. For a minute or two.
Ah, but I can go somewhere where public nudity is okay (another country, or my own home, which wouldn't be public, but oh well) and do so, and then point out that nothing horrible happened (oh no, I got cold!)
well, okay, I couldn't shake my willy around (at least not unless I went to the adult store first) but you get the picture.
Re:Rights are not revokable! (Score:1)
Trampling on your rights does not remove them, as our current government proves every day.
Rights are not revokable! (Score:1)
No there is NOT! Your rights are inalienable. Meaning ALWAYS WITH YOU. Just because it is or isn't in the Constitution or any other document doesn't mean that you don't have the right. Rights are not granted by the government, privileges are. There is a very big difference.
inalienable \In*al"ien*a*ble\, a. [Pref. in- not + alienable: cf. F. inali['e]nable.]
Incapable of being alienated, surrendered, or transferred to another; not alienable; as, in inalienable birthright.
Can't get any clearer than that
Re:Not stupid at all... (Score:1)
Re:That's exactly what they want... (Score:1)
I agree. And that's why we're beginning to see the anti-crypto legislation. Because the obscurity period is gradually coming to an end.
Not stupid at all... (Score:1)
They DO understand what export restrictions do to American companies. (Sorry to say the same thing over and over, but these "boy are those lawmakers dumb" messages just won't stop coming)
The laws are intended to keep American companies from effectively promoting the use of crypto in the states. No widespread use => no real need to regulate => no publicity nightmare.
Re:Won't Linux be pissed (Score:1)
When will he figure out that GNU would be just a few alternate apps for Unix boxen if it weren't for Linux? Of course, there would be no Linux without GNU.
So what's my point? Well maybe it's time RMS took a miss. This is a little like the Chuck the Daemon argument. The people call it Linux. Boo Hoo if that name doesn't give credit to GNU. People still call the BSD daemon Chuck. What's in a name, really?
RMS seriously needs to revise his attitude a little. People might actually take kindly to calling it GNU/Linux if he wasn't yelling so damn loudly. Something he needs to learn is that people who 5 minutes ago didn't care will suddenly be against you if you come on too strong or are rude.
Then again, this press is just bad anyway. But in the end, it's not like this was a product of some people in Boston or whatever. It was a product of the entire Open Source Movement. From a need came a product, and it was Better. In the end though, don't be petty about it.
Re:What's _really_ needed now is... (Score:1)
Public domain? (Score:1)
The US doesn't care... (Score:2)
It makes it unreasonable for normal people to acquire and install crypto. You have to download it from off shore, then patch it into your environment.
Like they say...
Crypto is used by human rights groups. It is despised by the US Government. Draw your own conclusion.
In my book, Civil servants using patent lies to justify the destruction of the Constitution isn't just a breach of Oath, it's treason. And, every judge, congress person, and president that allows it to continue is a co-conspirator. Treason, you say? Well, there is a legal process for striking a Constitutional right like free speech. Failing to use that process suggests the powers that be are working for some other country; they clearly have an intent to defeat those of us that live under said Constitution; and they are US citizens. That is the very definition.
They're WAY past folly.
Re:Won't Linux be pissed (Score:2)
"available now" (Score:2)
Mozilla! (Score:2)
Joseph Elwell.
Re:Won't Linux be pissed (Score:2)
Re:Rights are not revokable! (Score:2)
Re:Rights are not revokable! (Score:2)
Re:Is an "easy" explanation of encryption availabl (Score:2)
Basically my point is that the government can be as suspicious of me as they want to be, it makes no difference in the end so I doubt that they'd bother trying. Also, people write letters on post cards, but most are in envelopes and they'd be extremely pissed if the envelope got delivered and it had been opened. It doesn't matter that it was just a letter saying "happy birthday."
Re:Mozilla! (Score:2)
my $.02
Steve Ruyle
Re:wake-up call (Score:2)
"We must ensure that our country remains the technological leader of the universe in order to reserve the rightful place in the hierarchy of mankind that our children deserve. Therefore, I submit to this distinguished body, that we must dis-allow the importation of any encryption technology onto our hallowed American soil that would seek to undermine the very moral and ethical fabric of our society and force our children to submit to functioning on the same pathetic level as the children of all the other nations on this Earth!"
(to be read in the monotone drawl of your favorite clueless bible-belt Senator).
Is an "easy" explanation of encryption available? (Score:2)
I'm really pleased to see GnuPG getting attention -- it deserves it. After using PGP for a while now, and reading all about various encryption algorithms this afternoon, I'm feeling pretty pumped about protecting my personal privacy.
That said, PGP & GnuPG are only useful if more people start to use the software.
So, with that in mind:
Does anybody know where there is a simple explanation of how encryption works? Something that you could show your non-geek friends, or, even (gasp) your Mom, and have them understand the basics?
Getting friends and family on email is a hurdle I've basically crossed. Now I'd like to do the same with email encryption. [ In fact, I may write such a "newbie encryption" document myself, but may as well check to see if something already exists. ]
Re:What's needed now is... (Score:2)
On the receiving end, when you receive encrypted mail from someone, your program should automatically go out to your HD (ask for password of course) and run GPG/PGP on it and show it to you unencrypted. Maybe just putting an encrypted icon in the status bar or wherever to tell you the mail was encrypted.
I'm waiting for this kind of functionality in a mail client personally. I think this would be a reasonable drop in replacement for regular email. I know I would use it, maybe someone could add this as a plugin or something to mozilla mail.
Re:Won't Linux be pissed (Score:2)
I run Linux. Does GPG support Linux? (Score:2)
-russ
Re:Is an "easy" explanation of encryption availabl (Score:2)
An easy description of what encryption and signing (don't forget signing, it's an important concept) do can be provided by offering analogies to postal mail and signing of contracts.
However... the actual how and why of encryption and signing is not something that will easily fit into someone's head. The basic problem is that while it's obvious to the lay person exactly how an envelope protects their letters from casual examination, understanding how encryption protects their documents either requires that they take some things on faith or that they understand the math. There is no physicality to the protection, nothing that can be seen, touched or obviously understood.
You can go a certain distance with the postulate that "some mathematical functions are easier to do in one direction than the other" and from that get the basics of cryptography, both signing and encryption, but again, the layperson has to either understand why the postulate is true, or take it on faith. Even so, the simplest explanations leave out a lot of important details (leaving the explainee not knowing how to distinguish between good crypto and bad crypto, and thus giving them more stuff to take on faith). One of the most concise sets of basics is in Schneier's E-Mail Security [amazon.com] which goes over the juicy bits in chapters 1-5.
Re:scp is no ftp replacement (Score:2)
Re:Forgot about sftp (Score:2)
Won't Linux be pissed (Score:2)
Oh well, they got it half right.
George
Re:Won't Linux be pissed (Score:2)
I mean, everyone here knows that the GNU project was founded in Cambridge. Silly CNN.
Re:What's needed now is... (Score:2)
A mailer developed outside the states (Score:2)
I'm the boogy man! (Score:2)
We don't because the US Government raises the spectre of "Criminals, terrorists and pedophiles" (Oh my!) Well that's just fine, until you start to wonder, who decides what makes a criminal? In China I could be arrested for sending a mail talking about how my wife was forced to be sterilized after our first child. Suspecting that everyone is a criminal and reading their mail to make sure they're being good little citizens may make sense if you're Chinese, it should never make sense here. In a decade or two, this very message might be considered "subversive" by the US Government and I might be visited in the middle of the night and shot in the back of the head because I don't follow the sheep-like inclinations of 90% of the public.
We should be demanding severe reforms in the privacy and cryptography arena. We should also be letting candidates know that we consider this to be a vital issue, one which will gain or lose our votes in the next election. We should not be tolerating the current status quo. We should never let it be assumed that a person is guilty until proven innocent.
Poit..? (Score:2)
Won't.. Linux.. be pissed? Pardon, but I seem to be a bit confused. Of course, while it is true that it would be a more technically accurate assertation to make if one said that the Free Software Foundation was based in Boston, Massachusetts than the GNU Project (although the two are practically synonymous, there are a few key differences).. or perhaps that the GNU Project was launched to accomplish a number of goals, of which releasing a free operating system was only the first. Of course, anyone who was interested could easily pick up all of this information at the GNU Project's Web site [gnu.org]. But then, the media never has been known for doing their research, eh? I once read an article in a local newspaper that was talking about Web design and mentioned HTML as being a programming language.
Other than that, the statement remarked upon by the original poster is mostly accurate. After all, the OS that the GNU Project eventually came up with was called GNU/Linux. Many people (mostly the media and the people who believe them) think that when one says "Linux kernel" that what is really meant by that statement is "the kernel for Linux" when the truth of the matter is that Linux is the name of the kernel used in the GNU OS. Therefore, as Richard Stallman states (and the Debian distribution respects), it is more appropriately referred to as GNU/Linux. Richard wants to have another GNU OS using Hurd as the kernel, but there's not too much development in that area from what I know.
I guess what originally drew me to comment on this post was simply.. how can a kernel for an OS get pissed off at anything? I would love to see posts that are a little more specific. Vague comments without a lot of backing tend to be.. well, vague. Not to mention annoying.
By the way, no, I'm not trying to detract from the work of Linus Torvalds. His is just as important as many (well, more than most, actually), although Richard Stallman is rarely given the credit he truly deserves.
Ah, ignorance.. (Score:2)
Pardon this excessively opinionated foray further in the realms of off-topic discussion, but.. Well, let me try to get this straight.. What is the perfect example of the Internet community proving it's world wide (well, beside the fact that the World Wide Web isn't just a funny misnomer), GPG or snubbing your nose at America? Personally, I think snubbing your nose at a pair of continents (which are actually north and south, rather than one single land mass.. sort of) is really silly, but hey.
I'm pretty sure the original poster meant the United States government, but then again, I'm also pretty sure that they're rather confused and have no idea what they are talking about. At any rate, this sure is some serious flamebait. Don't get me wrong, even though I'm a United States citizen I have a number of issues with my country's government, and don't believe us or our country is necessarily all that better than those of other parts of the world. However, I can't agree with the idea that a community can prove itself as being world wide (which seems to me to mean that it excludes no one) by excluding a certain group (namely the United States).
National boundaries mean a lot. More than the original poster can apparently imagine. A lot of us would love to live in a better world, but being a practical realist as well as a dreamer, I can certainly attest to the fact that ignoring cold, harsh reality is quite bad for your health. Besides, the United States stands for freedom. There are a few corruptive influences in our country, but it is that way with any society. I don't like those elements of our society, but unless you can claim yours to be perfect, I don't think that you have room to talk. There are certainly much worse places in the world to live. I like what the United States as a whole stands for. And apparently a number of its opponents don't care for them as much as I do. Such as the idea that you should cast off the yokes of oppression and ignorance? Silly me.
Re:What's needed now is... (Score:2)
Re:What's _really_ needed now is... (Score:2)
An ideal model would be that when I have say pine and pgpg installed in my system, pine would automatically offer the option of encrypting the message (autodetect the presence of an encryption program). Signing the message with my own private key would of course also be automatic. When you receive an encrypted message, your mail reader would automatically attempt to decrypt it with your private key.
Of course there are some security implications involved with automating the use of encryption keys but as long as your account/files aren't compromised these shouldn't really be a problem.
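The automatic handling asked for in the comment above (and in the earlier "What's needed now is..." reply about decrypting on receipt and showing an "encrypted" indicator) can be done with a small filter that a mail reader pipes each incoming message through. This is an added example, not code from the thread or from any mail client; the function names and the `--show` switch are assumptions, while `gpg --decrypt` and `gpg --verify` are the real GnuPG commands.

```shell
#!/bin/sh
# Added example: detect OpenPGP ASCII armor in a saved mail message and
# run gpg on it, so the reader never has to do it by hand.

# classify_message FILE
# Prints one of: encrypted, clearsigned, truncated, plain.
# Armor lines only count at the start of a line, so armor that is quoted
# in a reply ("> -----BEGIN PGP MESSAGE-----") does not trigger gpg.
classify_message() {
    msg=$1
    if grep -q '^-----BEGIN PGP MESSAGE-----' "$msg"; then
        if grep -q '^-----END PGP MESSAGE-----' "$msg"; then
            echo encrypted
        else
            echo truncated
        fi
    elif grep -q '^-----BEGIN PGP SIGNED MESSAGE-----' "$msg"; then
        if grep -q '^-----BEGIN PGP SIGNATURE-----' "$msg" &&
           grep -q '^-----END PGP SIGNATURE-----' "$msg"; then
            echo clearsigned
        else
            echo truncated
        fi
    else
        echo plain
    fi
}

# show_message FILE
# Writes the readable text to stdout and a one-line status to stderr
# (the "encrypted icon" of a text-mode mail reader).
show_message() {
    case $(classify_message "$1") in
    encrypted)
        echo "[encrypted message]" >&2
        # gpg prompts for the passphrase itself; it is never put on the
        # command line or stored in this script.
        gpg --decrypt "$1" || { echo "[decryption failed]" >&2; return 1; }
        ;;
    clearsigned)
        # gpg reports the signer on stderr; a non-zero exit means the
        # signature is bad or the key is unknown.
        if gpg --verify "$1"; then
            echo "[good signature]" >&2
        else
            echo "[SIGNATURE NOT VERIFIED]" >&2
        fi
        cat "$1"
        ;;
    truncated)
        echo "[incomplete OpenPGP armor, showing raw text]" >&2
        cat "$1"
        ;;
    *)
        cat "$1"
        ;;
    esac
}

# Run as a filter only when asked to: sh pgpfilter.sh --show FILE
if [ "${1:-}" = "--show" ] && [ -n "${2:-}" ]; then
    show_message "$2"
fi
```

Because the passphrase prompt is left to gpg, a compromised account still exposes the key file but not a stored passphrase, which is the trade-off the comment above alludes to.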
Re:Is an "easy" explanation of encryption availabl (Score:3)
You don't write letters to people on postcards, do you? No. Why? Anyone can read what's on the postcard. If you want to write a private letter to someone, you write it on a piece of paper and put it in an envelope. You may even use a security envelope so you can't see what's inside the envelope.
Encryption is (in one sense) the envelope. It makes sure that no casual reader can see what the contents are. It may be credit card information, or it may be happy birthday wishes. It doesn't matter.
Encryption (as PGP/GPG uses) also provides authentication. It makes sure that when you get a letter from a friend, it really came from them and not someone who happened to break into Hotmail and fake e-mail.
Side note: Hrm. This could be a good way at advertising GPG (Hotmail cracked again? Don't worry, GPG keeps you safe!)
-Mark
Re:What's needed now is... (Score:3)
Personally, I prefer mutt [mutt.org].
Re:Big enough Beowulf clusters can solve anything (Score:3)
Second, you're dead wrong. Cryptography is based on functions that are easier to do in one direction than the other. Easier by many many orders of magnitude. That means that a computer will always be able to encrypt a message to such a degree that were all the matter in the entire solar system turned into a huge cluster of computers, it would not be able to break the encryption with a brute force attack. Your home computer can do this RIGHT NOW. So while beowulf clusters are neat and all, don't ascribe magical powers to them. It's a sign of linux zealotry and that's just as bad as any other kind (*cough* M$ zealotry *cough*).
Note that I did however only talk about brute force attacks. There is always the chance that a new algorithm or new kind of technology (read quantum computing) will be found that will render a cryptography function as easy in one direction as in the other.
Jherico
Somebody give RMS a Valium! (Score:3)
A note to Stallman: Take a Valium, wash it down with a few shots of Absolut, (not too much now, we don't need you dead) and sleep off the rage of the HURD's virtual media invisibility.
Linux was below the radar screens for years, and is now up in a big way. HURD may well be the next Linux..
A thought before I go.. We should embrace GPG, for not only is it a good bit of code, but it may well be our best way of fighting the current stupid encryption laws. By making sure everyone, everywhere can get their hands on it, it nullifies the need for such a law, and I hope the US government realizes this..
What's needed now is... (Score:4)
I'd encrypt / sign all my mail if it were easier... I guess I'm way too lazy to type a message, run it through GNUpg, then replace the text in the email all by hand... I've seen some decent apps for Win32 that do nice things (e.g. adding a right click option on text to do PGP encryption / signing)...
I'd love to see more encryption being used... I know a few Linux mail clients "plan" to have support for GNUpg, but none that I know of right now do and offer enough features to be worth using....
That's exactly what they want... (Score:4)
As long as Americans don't bother using crypto the legislature doesn't have to take unpopular steps to control it. So they stifle the companies who make and promote crypto products and the issue comes to the public's attention as little as possible.
wake-up call (Score:4)
God knows the legislature doesn't act on real issues, but if we can make this a PR issue, then things might actually change.
export regs may not allow USA based peer review (Score:4)
GNU at its Best (Score:4)
Let's keep it that way.
VERY stupid regulations (Score:5)
USA is hitting its own software companies with these regulations. This is good for everybody else, but it will cost the USA a LOT.
Very soon, US companies will start feeling the pressure from all over the place. For one thing, a German company (SuSe) can (and does) put things like PGP, ssh & co. in its distribution, which a US-based company (redhat, Caldera) can not and does not.
Now, adding ssh is just a matter of downloading the srpm package, compiling it and doing an RPM -i, but... Try adding ssh-agent immediately after login for all of your users in a consistent way and you will find out that this task is non-trivial. Then you have to make your PGP (or GPG) work with pine, or whatever you or any of your users use and so on. It is annoying and takes your precious time away.
It is just the same kind of shit as those I used to have with my (German) keyboard not getting properly configured, xdm coming with a completely open configuration file, and similar, with ONE major exception - RedHat cannot fix it in the "next version", because it is not even part of the distribution. SuSe can.
By the way, upgrading from RH-5.1 to RH-6.0 has killed my own solution to above mentioned problem of integrating the ssh-agent in the login-process, so I had to do it again. And I hate repetitious jobs .-).
Do I see a problem for RedHat here?
It's not obscure, so why don't we push that part? (Score:5)
Andrew G. Feinberg
Re:Won't Linux be pissed (Score:5)
I'm not real passionate on the whole GNU/Linux controversy one way or another, but this is pretty irritating. Sheesh, they couldn't go to gnu.org and steal some of the background there instead of coming up with this boner?
Back on-topic, it is good at least to get some 'good' press about GNU and Linux and encryption out in the mainstream. The average reader won't notice or care about this misstatement, but will probably pick up on the implications of unrestricted encryption (hopefully).
Meanwhile, back at the CNN newsroom...
"Ya come up with any copy today with the word 'Linux' in it yet?"
"Well, sorta... there's this GNUpg thing, and I think it's kinda about Linux, but I don't know what this GNU thing is."
"Go ask Harry, he did a story last week about RedHat and he knows all about that stuff. C'mon - we got a deadline!"
"Uh, oh... Harry?"
"Oh yeah, GNU is that thing that they started in 84, MIT, I think... yeah, right.. they're the ones who claim they invented Linux and want to make sure you call it GNU/Linux. I got yelled at a press conference once by one of their guys."
Re:Is an "easy" explanation of encryption availabl (Score:5)
On the other end, you find people who distrust anything, so give up on encryption altogether. Their logic is, since "hackers" (their term, not mine! Lay off the stones!) can get into anything, there's no point in using convoluted methods to protect their information. That's the same kind of people who refused to use automatic tellers for years because no human being was handling the money.
What's important to put into the public's mind is some of the following points:
Encryption is the practice by which you make it impossible for anyone but the right people to read a message of any kind, be it a credit card number or an email message.
Cryptography is important for everyone, not just spies or military generals. Just because information is not dangerous to you or someone else if it is revealed doesn't mean it's not private. Do you want love messages between you and your boyfriend/girlfriend/wife/husband to be read by anyone?
It's easy to apply good cryptography to almost anything, unless the nature of your data is highly secret (and we're not talking surprise party plans.) All it takes is a little extra "effort", and you can have secure messages.
No, the Government won't start spying on you because you're using encryption. Many people do it, and they're not terrorists or Russian spies.
Don't trust any company who says they use encryption. There are two types of encryption: encryption that requires minimal effort to unravel (like tearing open an envelope) or encryption that requires some time and good cracking skills (like cracking a safe). If you want good encryption, look for second opinions on the Web, or from cryptography-savvy friends or colleagues.
Good encryption exists nowadays, and some encryption standards make it unlikely that your data will be exposed unless a lot of money and effort is put into it. Be wary of systems that claim they are unbreakable, but don't think your data is automatically vulnerable to any 13 year-old hacker with a modem. Yes, your data can be protected by cryptography.
Good security also means good practice. Your data will not be safe if you use simple passwords, like the name of your dog or your birthdate. Try using unpredictable passwords when you need to. If possible, use numbers and mixed case when choosing your passwords. NEVER use your name.
"There is no surer way to ruin a good discussion than to contaminate it with the facts."