Tuossa kyllä toisaalta kj:n suulla sanotaan, että ”koneet on suojattu”, mutta salauksen käyttö on ikävä kyllä harvinaista vielä nykyisinkin, joten lausuman merkitys jää vähän hämäräksi etenkin kun jo heti seuraavassa lauseessa puhutaan työpöydällä ilmeisesti kuitenkin avoimesti saatavilla olevista tiedostoista. Yleensä salataan kaikki jos salataan, tuskin työpöydän tiedostot erikseen olisivat salatun levyn ulkopuolella.
Jos sen sijaan ensimmäisellä kommentaattorilla ”Tiedostot työpöydällä hidastavat konetta”, kannattaa kyllä harkita käyttöjärjestelmän vaihtamista…
Ehkä ne polliisissa ottais ilmotuksen tuosta vastaan, vaikkeivät sulle mahd. löytämisiään kertoiskaan. Tiedä vaikka tämä tyyppi muutoin makaisi kotonaan muumioituneena vielä vuosienkin päästä, niin kuin tässä maassa ruukataan.
If transmitting the private ssh key over to the server is what we want to avoid, would this work:
1. Encrypt the fs with a symmetric key, encrypt the symmetric key with the ssh public key, store the asymmetrically encrypted symmetric key outside the encrypted fs, throw away the unencrypted symmetric key.
2. When logging in (and after establishing a secure link), send the encrypted (symmetric) key to client for decryption, get back an unencrypted key to use for decrypting the fs.
(I’m only beginning to understand modern cryptography, so I may just have made a fool of myself, but what the hey, you live and learn.)
I learned that hard #redirect does not support templates, magic words or being wrapped inside conditionals. I’d find any of those features useful in my own wiki, so my questions are:
- Are the limitations based on technical difficulties of implementation, or are they design decisions based on security implications?
- Would it be possible to implement support for said features in an extension, or better yet, are there known extensions to do this?
The wiki that I’m running is limited to my own personal use, so I wouldn’t have to worry about security implications for multiuser MW installations.
> Why would you trust the site if it has insecure javascript?
Now let’s see tse…@chromium.org’s profile page [1]… Whoa! It has insecure JavaScript on it! We’d better not trust what this person says. ;-)
* [1] https://code.google.com/u/103427653469784489849/
…eikä näillä kommenteilla näköjään ole ikilinkkejä.
Ja kun avasin tämän kommenttilootan uudestaan tätä toista kommenttia varten, sain saman varmistuskysymyksen kuin äsken. Ihmiskäyttäjälle tietysti helpompi niin, mutta kuvittelisin, että se antaa myös spämmääjälle brute force -tilaisuuden.
Thanks for taking the time to answer my comments.
I think a big (though not big enough to be first-time-preventive) difference between you and psychopathic killers is that you’re not superficially motivated. A psychopath has no trouble hurting people in order to gain something relatively trivial — typically grotesque is the seek of sexual gratification.
You’re more of the ”I believe an antisocial act will have a cleansing effect on my soul” type that, upon acting out, either gains the spiritual emancipation they’re after, or realize they’ve just been pursuing a flare. The reason I think so is all this introspection you demonstrate here. I can’t picture you, after committing a bloody act, sitting there, thinking ”well that didn’t do much, maybe I just didn’t do it good enough, big enough?” You’d more likely have your answer there, and wouldn’t have to keep on repeating the act, banging your head against the wall so to speak (as thrill-seeking psychopath would). You’d have made your statement and either it makes an effect on others or it doesn’t. Either way, it’d be out of your hands by then, no use doing it over and over again.
I’ve been keeping a close eye on your posts lately and felt I had to say something, just so you know that it’s not like no one cares, like these morbid thoughts you have fall completely unto deaf ears. There’s little I (or anyone, as you said yourself) can do about them as long as no lives are directly at risk, but what’s always kept me from going forward with such ideas is I imagine it’d feed horribly anticlimactic once you cross that line. Nothing, especially the internal craving won’t have changed, you’ll see that the wheel of the world still keeps on whirling. It’ll just now go on without you (once the karma of your actions hits you), and no matter how much damage you do, you are still bound for oblivion just like everyone else.
Is there anything you include in these thoughts about what you’d want it to look like, how you’d want people to react, a message of some kind? Is it the ”I’m smarter than you” or is that just a bonus?
The list seems to be missing the Istanbul–Ankara express crash of 2004: ”July 23, 2004 – An Istanbul–Ankara express with 230 people on board, derails at Pamukova, Sakarya Province, Turkey and the carriages overturn, according to Turkish government official confirmed, killing at least 38 people, injuring another 80.”
@Roger: Thanks for the solution. On Ubuntu Precise, GMM 1.0.23.1334-r0 seems to use /usr/local/share/applications instead of /usr/share/applications for the desktop file (there’s also a copy in /opt/google/musicmanager/, but it’s apparently just used for installing the effective file into /usr/local/).
@Nuno: I’m not sure I see the point of encrypting the application-specific password, and then be prompted to enter the key for decrypting the password. Isn’t it more straightforward to just specify the application-specific password when GMM prompts you to? Actually, with the caveat that specifying the password on the commandline means exposing it to trusted users, isn’t having GMM prompt for it a *better* solution securitywise? I guess you do get the benefit of getting to specify your own password which can be as easily memorizable as you dare use though (the application-specific passwords are difficult). Instead of OpenSSL I’d probably use GNOME Keyring, as it gets unlocked during login without an extra prompt for another password. Then pick the key for GMM using gkeyring.