[ale] Ale Digest, Vol 37, Issue 74

Chris Chastain chris-c at chastains.com
Fri Feb 11 14:51:12 EST 2011


I agree. Thanks so much 

Sent from Chris Chastain

On Feb 11, 2011, at 2:31 PM, ale-request at ale.org wrote:

> Send Ale mailing list submissions to
>    ale at ale.org
> 
> To subscribe or unsubscribe via the World Wide Web, visit
>    http://mail.ale.org/mailman/listinfo/ale
> or, via email, send a message with subject or body 'help' to
>    ale-request at ale.org
> 
> You can reach the person managing the list at
>    ale-owner at ale.org
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Ale digest..."
> 
> 
> Today's Topics:
> 
>   1. Re: I have fallen in love with Truecrypt (Michael H. Warfield)
>   2. Re: How to test your public internet connection for open
>      ports (Jim Kinney)
>   3. Re: Why I Chose IPsec over OpenVPN (Was: Re: How to test your
>      public internet connection for open ports) (Michael H. Warfield)
>   4. Re: How to test your public internet connection for open
>      ports (Lightner, Jeff)
>   5. Drifting OT: Re:  I have fallen in love with Truecrypt
>      (Damon L. Chesser)
>   6. Re: PC specs-AMD chipset (Damon L. Chesser)
>   7. Re: I have fallen in love with Truecrypt] (Damon L. Chesser)
>   8. Re: Drifting OT: Re:  I have fallen in love with Truecrypt
>      (Michael B. Trausch)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Fri, 11 Feb 2011 13:37:56 -0500
> From: "Michael H. Warfield" <mhw at WittsEnd.com>
> Subject: Re: [ale] I have fallen in love with Truecrypt
> To: damon at damtek.com, Atlanta Linux Enthusiasts <ale at ale.org>
> Cc: mhw at WittsEnd.com
> Message-ID: <1297449476.6390.321.camel at canyon.wittsend.com>
> Content-Type: text/plain; charset="utf-8"
> 
> On Fri, 2011-02-11 at 13:20 -0500, Damon L. Chesser wrote: 
>> On Fri, 2011-02-11 at 05:56 -0500, Paul Cartwright wrote: 
>>> On 02/10/2011 11:24 PM, Matty wrote:
>>>> There are very few pieces of software that I am smitten with, but
>>>> Truecrypt has just fallen into that category. I have a geek crush on
>>>> it now:;)
>>>> 
>>>> http://prefetch.net/articles/truecrypt-desktop-encryption-osx-linux-windows.html
>>>> 
>>>> Anyone else using it? Have you encountered any issues?
>>>> 
>>>> 
>>> I use ecryptfs to mount a private folder. I'm not sure I'm ready to 
>>> encrypt my entire drive.
>>> and I REALLY use KeepassX !! Sometimes I open that app many times a day! 
>>> & I have it on my windows box too.
>>> 
> 
>> I use LUKS on all my laptops, full hard drive encrypted.  Easy to carry,
>> easy to steel.  You can have the hardware, but all my bases will still
>> belong to me.
> 
> Yeah, I'm required by my office to have my hard drives fully encrypted.
> For Windows, they require Enterprise PGP Desktop.  For Linux, LUKS is
> the acceptable alternative although PGP is available for RedHat RHEL 5
> and should be available for RHEL 6 soon if not already.  TrueCrypt is
> actually not allowed but more because of licensing issues than anything
> else.
> 
> Rumor has it (I've seen the patches discussed on lists) that grub2
> (installed on Ubuntu and optional on Fedora) will even support encrypted
> boot partitions with LUKS encryption.  On my todo list to play with to
> see if those patches ever made it into main-line code and if it
> works.  :-)
> 
> Regards,
> Mike
> -- 
> Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
>   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
>   NIC whois: MHW9          | An optimist believes we live in the best of all
> PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: not available
> Type: application/pgp-signature
> Size: 482 bytes
> Desc: This is a digitally signed message part
> Url : http://mail.ale.org/pipermail/ale/attachments/20110211/5c40190e/attachment-0001.bin 
> 
> ------------------------------
> 
> Message: 2
> Date: Fri, 11 Feb 2011 13:46:50 -0500
> From: Jim Kinney <jim.kinney at gmail.com>
> Subject: Re: [ale] How to test your public internet connection for
>    open ports
> To: Atlanta Linux Enthusiasts <ale at ale.org>
> Message-ID:
>    <AANLkTi=603UNhAzskyU4XHqEDEAxoEpWjgu_DAHuM=6u at mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
> 
> On Fri, Feb 11, 2011 at 11:40 AM, Michael B. Trausch <mike at trausch.us> wrote:
> <snip> I refuse to reply any further until
>> you actually take the time to learn how the infrastructure of which you
>> speak _works_.
> <snip another 300+ lines of "I refuse to reply further"...>
> 
> :-)
> 
> http://xkcd.com/386/
> 
> -- 
> --
> James P. Kinney III
> I would rather stumble along in freedom than walk effortlessly in chains.
> 
> 
> ------------------------------
> 
> Message: 3
> Date: Fri, 11 Feb 2011 13:48:20 -0500
> From: "Michael H. Warfield" <mhw at WittsEnd.com>
> Subject: Re: [ale] Why I Chose IPsec over OpenVPN (Was: Re: How to
>    test your public internet connection for open ports)
> To: "Michael B. Trausch" <mike at trausch.us>
> Cc: mhw at WittsEnd.com, Atlanta Linux Enthusiasts <ale at ale.org>
> Message-ID: <1297450100.6390.330.camel at canyon.wittsend.com>
> Content-Type: text/plain; charset="utf-8"
> 
> On Fri, 2011-02-11 at 13:32 -0500, Michael B. Trausch wrote: 
>> On Fri, 2011-02-11 at 13:14 -0500, Michael H. Warfield wrote:
> 
> <-- quick snip -->
> 
>>> IPsec:
>>> - Cannot do over TCP (Cisco is about the only one I know that does)
> 
>> Maybe I'm missing something, but why would you want to do that?  I mean,
>> you can do IP by sneakernet or carrier pigeon, too, but I wouldn't want
>> to... ;-)
> 
> Because OpenVPN has it and the Cisco's have it and some people have
> asked for it for sites where they block all outbound UDP.  Yeah, we do
> actually run into that from time to time.  It's used as an excuse to
> foist TCP based SSL tunnels on some of us and I just can't drive a stake
> through the heart of that argument.  If you're going to use SSL (real
> SSL) for a VPN then DTLS (Datagram TLS - aka SSL over UDP) is good.  The
> Cisco AnyConnect OpenSource OpenConnnect is an example of an SSL VPN
> that supports both SSL over TCP and DTLS UDP.
> 
> OpenVPN, OTOH, claims to use ESP-in-UDP encapsulation, which is IPsec
> NAT-T encapsulation, but it's not really IPsec compatible and their key
> exchange negotiation is definitely not IKE compatible.  So they're not
> really SSL over UDP (DTLS) but they're also not IPsec but something sort
> of in-betwixt.
> 
>>> - Can be blocked at some sites (proto 50/51 and/or udp 500/4500)
>> 
>> Indeed.  Though I was very happy to see that RFC 6092 explicitly
>> recommends that IPsec be left untouched and permitted to pass.
>> Hopefully, vendors will take the recommendations from that as a default
>> configuration.
> 
>> I for one would like to see (native) IPsec used much more than it is.
> 
> Wouldn't we all.  Been fighting that fight for a long time.
> 
>>    --- Mike
> 
> Mike
> -- 
> Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
>   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
>   NIC whois: MHW9          | An optimist believes we live in the best of all
> PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: not available
> Type: application/pgp-signature
> Size: 482 bytes
> Desc: This is a digitally signed message part
> Url : http://mail.ale.org/pipermail/ale/attachments/20110211/11eb3ab1/attachment-0001.bin 
> 
> ------------------------------
> 
> Message: 4
> Date: Fri, 11 Feb 2011 13:58:24 -0500
> From: "Lightner, Jeff" <jlightner at water.com>
> Subject: Re: [ale] How to test your public internet connection for
>    open ports
> To: "Atlanta Linux Enthusiasts" <ale at ale.org>
> Message-ID: <FF38BBA1BF42AB46A7F46524614FAB62029CCF5A at EXVS02.dsw.net>
> Content-Type: text/plain;    charset="us-ascii"
> 
> I thought I was wrong once but I was mistaken.
> 
> -----Original Message-----
> From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Jim
> Kinney
> Sent: Friday, February 11, 2011 1:47 PM
> To: Atlanta Linux Enthusiasts
> Subject: Re: [ale] How to test your public internet connection for open
> ports
> 
> On Fri, Feb 11, 2011 at 11:40 AM, Michael B. Trausch <mike at trausch.us>
> wrote:
> <snip> I refuse to reply any further until
>> you actually take the time to learn how the infrastructure of which
> you
>> speak _works_.
> <snip another 300+ lines of "I refuse to reply further"...>
> 
> :-)
> 
> http://xkcd.com/386/
> 
> -- 
> --
> James P. Kinney III
> I would rather stumble along in freedom than walk effortlessly in
> chains.
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
> 
> Proud partner. Susan G. Komen for the Cure.
> 
> Please consider our environment before printing this e-mail or attachments.
> ----------------------------------
> CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you.
> ----------------------------------
> 
> 
> 
> ------------------------------
> 
> Message: 5
> Date: Fri, 11 Feb 2011 14:15:20 -0500
> From: "Damon L. Chesser" <damon at damtek.com>
> Subject: [ale] Drifting OT: Re:  I have fallen in love with Truecrypt
> To: Atlanta Linux Enthusiasts <ale at ale.org>
> Message-ID: <1297451720.1522.42.camel at dam-main>
> Content-Type: text/plain; charset="UTF-8"
> 
> On Fri, 2011-02-11 at 12:04 -0500, Michael B. Trausch wrote: 
>> On Fri, 2011-02-11 at 11:48 -0500, David Tomaschik wrote:
>>> (Oh yeah, and I have this crazy notion that the 1st, 4th, and 5th
>>> amendments -- among others -- still apply to me.) 
>> 
>> +1
>> +1
>> +1
>> +1
>> +10000000000
>> +eleventyone!!1!1!1!11!
>> 
>>    --- Mike
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
> 
> 
> I agree.  I am not doing anything illegal, but you can not search my
> property with out a warrant.  However, I am confused by GA law.
> http://www.georgiapacking.org/caselaw/ states that in Brewer v. State
> The Supreme Court of the State of Georgia declares that the protections
> guaranteed by the Second Amendment to the United States Constitution do
> not apply to Georgia.
> 
> This confuses me.  The Bill of Rights are rights of The People, not the
> States.  Does Ga. have the right to limit religion or speech or search?
> -- 
> Damon
> damon at damtek.com
> 
> 
> 
> ------------------------------
> 
> Message: 6
> Date: Fri, 11 Feb 2011 14:22:08 -0500
> From: "Damon L. Chesser" <damon at damtek.com>
> Subject: Re: [ale] PC specs-AMD chipset
> To: ale at pcartwright.com
> Cc: Atlanta Linux Enthusiasts - Yes! We run Linux! <ale at ale.org>
> Message-ID: <1297452128.1522.47.camel at dam-main>
> Content-Type: text/plain; charset="UTF-8"
> 
> On Fri, 2011-02-11 at 14:13 -0500, Paul Cartwright wrote:
>> 
>>> Well, with the release of Sandy Bridge, AMD has nothing, NOTHING
>> close 
> 
> It *was* before the recall, and Intell said if you are not using 3GB/s
> SATA it was fine for release until the fix is out (hardware fix, you
> can't upgrade an existing board).  So:  I don't know.
> 
> http://techreport.com/articles.x/20188/19
> 
> That lists the market names for the chips.  Then I supose you would have
> to search for motherboards with LGA-1155 sockets or Core i5-2400 Main
> board.
> 
> New Egg does not have any, yet.
> 
> -- 
> Damon
> damon at damtek.com
> 
> 
> 
> ------------------------------
> 
> Message: 7
> Date: Fri, 11 Feb 2011 14:24:34 -0500
> From: "Damon L. Chesser" <damon at damtek.com>
> Subject: Re: [ale] I have fallen in love with Truecrypt]
> To: Atlanta Linux Enthusiasts - Yes! We run Linux! <ale at ale.org>
> Message-ID: <1297452274.1522.49.camel at dam-main>
> Content-Type: text/plain; charset="UTF-8"
> 
> Forwarded to the list for common benefit (if any).
> 
> -------- Forwarded Message --------
> From: Damon L. Chesser <damon at damtek.com>
> Reply-to: damon at damtek.com
> To: ale at pcartwright.com
> Subject: Re: [ale] I have fallen in love with Truecrypt
> Date: Fri, 11 Feb 2011 13:57:31 -0500
> 
> On Fri, 2011-02-11 at 13:38 -0500, Paul Cartwright wrote: 
>> On 02/11/2011 01:20 PM, Damon L. Chesser wrote:
>>> I use LUKS on all my laptops, full hard drive encrypted.  Easy to carry,
>>> easy to steel.  You can have the hardware, but all my bases will still
>>> belong to me.
>>> 
>> is that something I can after everything is setup, or does it have to be 
>> installed FIRST... is there a HOW-TO out there somewhere, or docs?? I 
>> could see me putting that on my laptop(S)..
>> 
>> 
> 
> 
> This is the best guide I have found on the subject.  I suspect it might
> be a bit dated, because man cyrptsetup reveals and option to
> backupHeader and restoreHeader instead of using luksDump and dd.
> 
> https://wiki.archlinux.org/index.php/System_Encryption_with_LUKS_for_dm-crypt 
> -- 
> Damon
> damon at damtek.com
> 
> -- 
> Damon
> damon at damtek.com
> 
> 
> 
> ------------------------------
> 
> Message: 8
> Date: Fri, 11 Feb 2011 14:31:23 -0500
> From: "Michael B. Trausch" <mike at trausch.us>
> Subject: Re: [ale] Drifting OT: Re:  I have fallen in love with
>    Truecrypt
> To: damon at damtek.com, Atlanta Linux Enthusiasts <ale at ale.org>
> Message-ID: <1297452683.16362.46.camel at aloe>
> Content-Type: text/plain; charset="utf-8"
> 
> On Fri, 2011-02-11 at 14:15 -0500, Damon L. Chesser wrote:
>> On Fri, 2011-02-11 at 12:04 -0500, Michael B. Trausch wrote: 
>>> On Fri, 2011-02-11 at 11:48 -0500, David Tomaschik wrote:
>>>> (Oh yeah, and I have this crazy notion that the 1st, 4th, and 5th
>>>> amendments -- among others -- still apply to me.) 
>>> 
>>> +1
>>> +1
>>> +1
>>> +1
>>> +10000000000
>>> +eleventyone!!1!1!1!11!
>>> 
>> 
>> I agree.  I am not doing anything illegal, but you can not search my
>> property with out a warrant.  However, I am confused by GA law.
>> http://www.georgiapacking.org/caselaw/ states that in Brewer v. State
>> The Supreme Court of the State of Georgia declares that the
>> protections guaranteed by the Second Amendment to the United States
>> Constitution do not apply to Georgia.
>> 
>> This confuses me.  The Bill of Rights are rights of The People, not
>> the States.  Does Ga. have the right to limit religion or speech or
>> search?
> 
> I think that if such a case fell before SCOTUS, they'd have something
> quite different to say about that.  States are not technically allowed
> to contradict laws at the Federal level, nor are they technically
> allowed to contract the US Constitution.  (Actually, what it really is:
> jurisdictions are not allowed to contradict superordinate jurisdictions;
> they can extend them.  So for example, a state can impose additional
> penalties over those specified by Federal law, but it cannot
> decriminalize something that is illegal in the superordinate
> jurisdiction---nor can it criminalize something explicitly made legal in
> the superordinate jurisdiction.)
> 
> In _practice_, however, it can be somewhat different.  A jurisdiction
> will often act in a way not permitted by our legal system.  As with
> trying a case in court, the law is selectively enforced.  What I mean by
> that is that in a court, a lawyer must raise an objection to call the
> referee (the judge) to make a ruling or impose a penalty.  The referee
> doesn't proactively call out things which are technically disallowed.
> So it is with jurisdictions: someone must call "objection" to the
> superordinate jurisdiction before it will step in (in some stupid,
> pompous and legally prescribed manner, probably) and deal with the
> problem.
> 
>    --- Mike
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: not available
> Type: application/pgp-signature
> Size: 198 bytes
> Desc: This is a digitally signed message part
> Url : http://mail.ale.org/pipermail/ale/attachments/20110211/987ae1cd/attachment.bin 
> 
> ------------------------------
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> 
> 
> End of Ale Digest, Vol 37, Issue 74
> ***********************************



More information about the Ale mailing list