If transmitting the private ssh key over to the server is what we want to avoid, would this work:
1. Encrypt the fs with a symmetric key, encrypt the symmetric key with the ssh public key, store the asymmetrically encrypted symmetric key outside the encrypted fs, throw away the unencrypted symmetric key.
2. When logging in (and after establishing a secure link), send the encrypted (symmetric) key to client for decryption, get back an unencrypted key to use for decrypting the fs.
(I’m only beginning to understand modern cryptography, so I may just have made a fool of myself, but what the hey, you live and learn.)
I learned that hard #redirect does not support templates, magic words or being wrapped inside conditionals. I’d find any of those features useful in my own wiki, so my questions are:
- Are the limitations based on technical difficulties of implementation, or are they design decisions based on security implications?
- Would it be possible to implement support for said features in an extension, or better yet, are there known extensions to do this?
The wiki that I’m running is limited to my own personal use, so I wouldn’t have to worry about security implications for multiuser MW installations.
> Why would you trust the site if it has insecure javascript?
Now let’s see tse…@chromium.org’s profile page [1]… Whoa! It has insecure JavaScript on it! We’d better not trust what this person says. ;-)
* [1] https://code.google.com/u/103427653469784489849/
…eikä näillä kommenteilla näköjään ole ikilinkkejä.
Ja kun avasin tämän kommenttilootan uudestaan tätä toista kommenttia varten, sain saman varmistuskysymyksen kuin äsken. Ihmiskäyttäjälle tietysti helpompi niin, mutta kuvittelisin, että se antaa myös spämmääjälle brute force -tilaisuuden.
Thanks for taking the time to answer my comments.
I think a big (though not big enough to be first-time-preventive) difference between you and psychopathic killers is that you’re not superficially motivated. A psychopath has no trouble hurting people in order to gain something relatively trivial — typically grotesque is the seek of sexual gratification.
You’re more of the ”I believe an antisocial act will have a cleansing effect on my soul” type that, upon acting out, either gains the spiritual emancipation they’re after, or realize they’ve just been pursuing a flare. The reason I think so is all this introspection you demonstrate here. I can’t picture you, after committing a bloody act, sitting there, thinking ”well that didn’t do much, maybe I just didn’t do it good enough, big enough?” You’d more likely have your answer there, and wouldn’t have to keep on repeating the act, banging your head against the wall so to speak (as thrill-seeking psychopath would). You’d have made your statement and either it makes an effect on others or it doesn’t. Either way, it’d be out of your hands by then, no use doing it over and over again.
I’ve been keeping a close eye on your posts lately and felt I had to say something, just so you know that it’s not like no one cares, like these morbid thoughts you have fall completely unto deaf ears. There’s little I (or anyone, as you said yourself) can do about them as long as no lives are directly at risk, but what’s always kept me from going forward with such ideas is I imagine it’d feed horribly anticlimactic once you cross that line. Nothing, especially the internal craving won’t have changed, you’ll see that the wheel of the world still keeps on whirling. It’ll just now go on without you (once the karma of your actions hits you), and no matter how much damage you do, you are still bound for oblivion just like everyone else.
Is there anything you include in these thoughts about what you’d want it to look like, how you’d want people to react, a message of some kind? Is it the ”I’m smarter than you” or is that just a bonus?
The list seems to be missing the Istanbul–Ankara express crash of 2004: ”July 23, 2004 – An Istanbul–Ankara express with 230 people on board, derails at Pamukova, Sakarya Province, Turkey and the carriages overturn, according to Turkish government official confirmed, killing at least 38 people, injuring another 80.”
@Roger: Thanks for the solution. On Ubuntu Precise, GMM 1.0.23.1334-r0 seems to use /usr/local/share/applications instead of /usr/share/applications for the desktop file (there’s also a copy in /opt/google/musicmanager/, but it’s apparently just used for installing the effective file into /usr/local/).
@Nuno: I’m not sure I see the point of encrypting the application-specific password, and then be prompted to enter the key for decrypting the password. Isn’t it more straightforward to just specify the application-specific password when GMM prompts you to? Actually, with the caveat that specifying the password on the commandline means exposing it to trusted users, isn’t having GMM prompt for it a *better* solution securitywise? I guess you do get the benefit of getting to specify your own password which can be as easily memorizable as you dare use though (the application-specific passwords are difficult). Instead of OpenSSL I’d probably use GNOME Keyring, as it gets unlocked during login without an extra prompt for another password. Then pick the key for GMM using gkeyring.
If it’s consistency and not specifically gksu-like behaviour you’re after, you could go about it the other way round by using gksu-polkit instead of gksu.
Googlen tässä ilmeisesti tekemä virhe on siinä, ettei tuon valinnan seurauksista varoiteta riittävän vakavasti. En ole itse saanut vielä tällaista valintaa eteeni (enkä ehkä saakaan, sillä olen jo YouTuben ikärajoitusten takia siellä ilmoittanut olevani täysi-ikäinen), mutta mikäli siinä ei suurin tulipunaisin kirjaimin kerrota, että menetät kaiken mitä Googlen orjana voi menettää, ja pyydetä vahvistusta kahteen kertaan (joista toinen mieluusti sähköpostitse tai vieläkin mieluummin matkapuhelimitse), sen on pakko olla liian huomaamaton.
Tämä on hyvä muistutus siitä miksi kaupallisiin toimijoihin, edes Googleen ei lopultakaan kannata luottaa. Ei sillä, ettäkö exme sellaista muistutusta olisi kaivannut, mutta ehkä me muut…
Voisin kyllä itsekin vielä blogata tästä varoituksen. Jos jokukaan välttyy sen luettuaan samalta, se on sen arvoista.