PDA

View Full Version : DriveCrypt



George Orwell
11-26-08, 04:30 AM
Has anyone had any experience with this program, I'd like an opinion
before I buy, how good is it?



Q: Has the DriveCrypt Plus Pack encryption ever been broken/hacked?

A: No! In the past, we have also launched several contests offering up
to 100,000 US$ for the first person able to open a DriveCrypt encrypted
disk…

Nobody succeeded! (See our press section for more details)



Q: Is there a back door in your software?

A: No. There is no "back door" in our software, and there is no point
in making one as we might risk losing the good reputation of our
products. Besides this, today there is no law in Germany that can force
us to make one in our software.



Q: We are from the "Police" "Tax authority" "Security Company"…. and
are investigating on someone whose computer is protected with your
DriveCrypt software. Since we were not able to break into the protected
computer ourselves, could you please assist us getting access to the
encrypted data? If requested, we can provide you with a court order.

A: Sorry, but our software has been designed to be the most secure in
the industry, and as such not even our programmers are able to break
into a DriveCrypt encrypted computer.

The only way to get access to the protected data is by entering the
correct password known only by the legitimate user.



Q: Does DCPP works with Windows Vista ?

A: Yes, starting from version 3.9 of DCPP Windows Vista (32 bit)
compatibility where added.



Q: Can I encrypt my entire operating System with DCPP ?

A: Yes, you can encrypt your entire operating system without loosing
any data on it.



Q: Does installing DCPP require a complete reinstall of WinXP and
previously installed programs?

A: No, you can just install DCPP on top of the operating system, DCPP
makes the rest.



Q: Does any software and hardware that runs under WinXP / Win Vista
also run under XP/Vista with DCPP?

A: Yes



Q: Does one lose any OS or PC functionality by using DCPP ?

A: Hibernate will not work when using DCPP.



Q: Can one use any DOS based tools on the DCPP disk ?

A: Yes. But in read only mode



Q: Can one use partitioning tools like Partition Magic with DCPP ?

A: No. DCPP encrypts the whole partitions and partitioning tools are
not able to understand the DCPP format.



Q: Can one use imaging tools like Acronis with DCPP

A: Yes, see DCPP user manual for instructions.



Q: Can one use the WinXP recovery console if needed?

A: No, not if the boot disk is encrypted



Q: Does DCPP encrypt only an entire disk or can it work on individual
volumes/partitions?

A: It encrypts individual partitions.



Q: Does DCPP work with hardware RAID? Software RAID?

A: We did not test it, so for now RAID is not supported.



Q: What happens if WinXP /Vista or other software crashes?

A: DCPP allows creation of a Recovery Disk, with this disk you can
decrypt the operating system with the bootable Floppy Disk or CD. Then,
after entering your password, the recovery disk will allow you to
decrypt the disk from the DOS level. This is useful if the operating
system gets corrupted and does not boot anymore normally.



Q: How vulnerable is DCPP to corruption errors? Is there any mechanism
to recover the disk after some corruption?

A: Yes there is the emergency repair disk, which handles recovering
from a corrupt MBR



Q: How much performance penalty is there when running WinXP / Win Vista
under DCPP?

A: Usually the user will not notice any loss of performance, however it
may be possible to measure a loss of 1-3%. This numbers are very system
specific.



Q: Does DCPP work with dynamic volumes?

A: No. If you also need to work with dynamic volumes, please consider
using DriveCrypt in combination with DCPP.



Q: What is the purpose of this new DCPPaid.exe file ?

A: The purpose of this file is to keep reminding the user that his
DriveCrypt Plus Pack evaluation period has expired and he should now
uninstall the software. We Did not think it fair to deny him access to
his disks, or suddenly remind him that it would be unavailable pretty
soon, so we designed this reminder program, which cannot be removed
without uninstalling DriveCrypt Plus Pack. The DCPPaid file is not
spyware, and we do not use it to communicate or store anything about the
user's activities.



Q: I would like to have a personalized version of your software, is
this possible?

A: Yes, please contact us at contact@securstar.com






Il mittente di questo messaggio|The sender address of this
non corrisponde ad un utente |message is not related to a real
reale ma all'indirizzo fittizio|person but to a fake address of an
di un sistema anonimizzatore |anonymous system
Per maggiori informazioni |For more info
https://www.mixmaster.it

anonymous
11-26-08, 07:45 AM
I don't want to knock them out of business, but TrueCrypt is free and
open source. I would go with them. You have to take DriveCrypt's word
concerning not having a back door. Even their claim to not having one
because of the loss of reputation can not be verified. For all you
know this could be an intelligence agency front company. Go with
TrueCrypt.

http://www.truecrypt.org/

nemo_outis
11-26-08, 10:46 AM
anonymous <anon@domain.invalid> wrote in news:ggjjsk$sst$1
@news.mixmin.net:

> I don't want to knock them out of business, but TrueCrypt is free and
> open source. I would go with them. You have to take DriveCrypt's word
> concerning not having a back door. Even their claim to not having one
> because of the loss of reputation can not be verified. For all you
> know this could be an intelligence agency front company. Go with
> TrueCrypt.
>
> http://www.truecrypt.org/


Truecrypt is an excellent program BUT...

1) You have no idea who the developers are (they remain pseudonymous)

2) Very few people compile the Windows binaries from source; it is
exceedingly difficult to generate binaries from source that match the
binaries provided by Truecrypt (due to compiler options, etc.)

3) There are NO (zip, nada, zilch) published detailed reviews of the
source code. Availability of open-source *doesn't* mean that reviews
actually get done!

4) Truecrypt has ruthlessley suppressed all earlier versions (from
wayback, sourceforge, oldapps, etc.) even though they were supposedly
open-source (thus making incremental review impossible). This is
ominous!

5) There is no public mechanism for submission and review of bug
reports, etc. Any bug database, etc. is CLOSED! to the public, with only
a "bug report form" available that goes into a black hole unacknowledged.

6) The Truecrypt forums are run in an exceedingly autocratic and
unfriendly way, with many posts arbitrarily removed. Many topics (not
just the ones in the posting guidelines) are "off limits." Moreover, the
forums sometimes close unexplained for long periods (a month or more) and
reemerge with many posts purged. The moderators make it very difficult
for posters to contact each other directly.

7) The license for Truecrypt is NOT open source (e.g., doesn't meet OSI
criteria) and is quite restrictive.

There are a number of rationales presented in defence of the above points
by the developers (e.g., centralized control, quality, reputation, etc.)
but they are all, IMHO, very weak in contrast to the opposing views.

In short, there is NO substantive public evidence that Truecrypt's source
code has been the subject of thorough review, nor is there any reason to
rely on the credentials of the developers (since they remain anonymous).
In that absence, using Truecrypt is an act of blind faith every bit as
much (or more!) than using a closed-source encryption program.

Regards,

John Smith
11-26-08, 12:55 PM
nemo_outis wrote:
> anonymous <anon@domain.invalid> wrote in news:ggjjsk$sst$1
> @news.mixmin.net:
>
>> I don't want to knock them out of business, but TrueCrypt is free and
>> open source. I would go with them. You have to take DriveCrypt's word
>> concerning not having a back door. Even their claim to not having one
>> because of the loss of reputation can not be verified. For all you
>> know this could be an intelligence agency front company. Go with
>> TrueCrypt.
>>
>> http://www.truecrypt.org/
>
>
> Truecrypt is an excellent program BUT...
>
> 1) You have no idea who the developers are (they remain pseudonymous)
>
> 2) Very few people compile the Windows binaries from source; it is
> exceedingly difficult to generate binaries from source that match the
> binaries provided by Truecrypt (due to compiler options, etc.)
>
> 3) There are NO (zip, nada, zilch) published detailed reviews of the
> source code. Availability of open-source *doesn't* mean that reviews
> actually get done!
>
> 4) Truecrypt has ruthlessley suppressed all earlier versions (from
> wayback, sourceforge, oldapps, etc.) even though they were supposedly
> open-source (thus making incremental review impossible). This is
> ominous!
>
> 5) There is no public mechanism for submission and review of bug
> reports, etc. Any bug database, etc. is CLOSED! to the public, with only
> a "bug report form" available that goes into a black hole unacknowledged.
>
> 6) The Truecrypt forums are run in an exceedingly autocratic and
> unfriendly way, with many posts arbitrarily removed. Many topics (not
> just the ones in the posting guidelines) are "off limits." Moreover, the
> forums sometimes close unexplained for long periods (a month or more) and
> reemerge with many posts purged. The moderators make it very difficult
> for posters to contact each other directly.
>
> 7) The license for Truecrypt is NOT open source (e.g., doesn't meet OSI
> criteria) and is quite restrictive.
>
> There are a number of rationales presented in defence of the above points
> by the developers (e.g., centralized control, quality, reputation, etc.)
> but they are all, IMHO, very weak in contrast to the opposing views.
>
> In short, there is NO substantive public evidence that Truecrypt's source
> code has been the subject of thorough review, nor is there any reason to
> rely on the credentials of the developers (since they remain anonymous).
> In that absence, using Truecrypt is an act of blind faith every bit as
> much (or more!) than using a closed-source encryption program.
>
> Regards,

DriveCrypt does have an excellent reputation...... And good support.
It looks like the best on the market now are the paid PGP products and
the DriveCrypt Plus Pack.

nemo_outis
11-26-08, 02:23 PM
John Smith <nym@invalid.org> wrote in
news:492d9b8a$0$26143$ec3e2dad@unlimited.usenetmonster.com:

> DriveCrypt does have an excellent reputation...... And good support.
> It looks like the best on the market now are the paid PGP products and
> the DriveCrypt Plus Pack.

With commercial developers there are a number of things to look for:

1) Company rep
2) Product rep (including bugtraq bugs, etc.)
3) Company Support
4) Price
5) For the paranoid: Company location (outside US, NATO countries, etc.)
6) Product features (especially whether you need the "corporate
adminsitrative stuff" - most vendors make most of their money from
companies, not consumers)
7) Third-party certification, especially FIPS-2.

For instance, Winmagic's Securedoc (from Canada) has FIPS-2 Level 2
certification. No, that isn't equivalent to open-source and some people
believe even the independent FIPS labs may be compromised, but it does
mean the product has undergone a rigorous independent review using a
standardized process.

However, getting FIPS-2 certification is costly and some feel it is
mostly just a marketing thing (like ISO 9000) so that it can be bought by
government and corporate customers who have to comply with **** like
HIPAA and need to cover their butts for necessary certifications/due
diligence.

My personal preference (yes, even over Truecrypt) is closed-source
commercial Bestcrypt Volume Encryption from Jetico (in Finland). Cutting
edge technology (RAID, XTS, multi-password, etc.) from a company with a
long track record. (No FIPS-2 cert though.)

While Bestcrypt or Truecrypt is enough for most, for those with serious
needs I recommend taking the performance and complication hit and using a
multi-layer approach which largely eliminates any single point of failure
(e.g., if one product has a bug or backdoor).

For instance, one might use a Seagate Momentus FDE-2 hardware-encrypted
drive, with Bestcrypt whole-disk encryption layered on. Real paranoids
might even add a third layer, keeping especially sensitive data in
Truecrypt container files.

Regards,

Peri Bathous
11-26-08, 05:11 PM
George Orwell wrote:

> Has anyone had any experience with this program, I'd like an opinion
> before I buy, how good is it?

Forget Drivecrypt... there's at the very least three open source,
time tested, free alternatives that aren't distributed by snake
oil peddlers with strong ties to known net scum like the "Evidence
Eliminator" spammers and Privacy.LIE criminals.

> Q: Has the DriveCrypt Plus Pack encryption ever been broken/hacked? =20

Hard to say. We don't KNOW of any such incident, but it's quite
possible DCPP even has some sort of "back door" coded right into it
so that anyone with the keys can hack right in no problem. Let
alone some flaw that someone discovered and hasn't released for
obvious reasons.

> A: No! In the past, we have also launched several contests offering up
> to 100,000 US$ for the first person able to open a DriveCrypt encrypted
> disk=E2=80=A6 =20
> =20
> Nobody succeeded! (See our press section for more details) =20

Anyone who knows anything about encryption software knows what a
sham these sorts of challenges really are. They prove nothing.
Smoke and mirrors designed to cover up the fact that you don't have
enough faith in your own product to subject it to critical, expert
analysis.=20

> Q: Is there a back door in your software? =20
> =20
> A: No. There is no "back door" in our software, and there is no point
> in making one as we might risk losing the good reputation of our

Tell it to the people at JAP, suckers. That little incident both
highlighted the fact that encryption software absolutely CAN and IS
back doored in spite of any concerns about "reputation", and how
open source can be a viable tool against such attacks.

> products. Besides this, today there is no law in Germany that can force
> us to make one in our software. =20

ROTFL!

JAP was back doored by the **German** authorities.

<stupid **** snipped>

Anonymous
11-26-08, 06:11 PM
nemo_outis wrote:

> My personal preference (yes, even over Truecrypt) is closed-source
> commercial Bestcrypt Volume Encryption from Jetico (in Finland). Cutting

1. Bestcrypt isn't closed source, you ninny.

2. What happened to you prattling on about it being "whole disk"?

nemo_outis
11-26-08, 07:04 PM
Anonymous <cripto@ecn.org> wrote in
news:20081127001123.360691A77CB@isole:

> nemo_outis wrote:
>
>> My personal preference (yes, even over Truecrypt) is closed-source
>> commercial Bestcrypt Volume Encryption from Jetico (in Finland).
>> Cutting
>
> 1. Bestcrypt isn't closed source, you ninny.

Bestcrypt Volume Encryption, the whole-disk version for Windows, is
closed source. *Some but NOT all* of the source code is available for
review under the SDK (software development kit), and furthermore even
this limited source code is NOT provided under an open-source licence.

(PGP Whole Disk Encryption also makes part but NOT all of its source code
available under a restrictive licence, and it too is not open source.
Bestcrypt makes all its Linux source code available for inspection, but
NOT under an open-source licence. Further, the Linux version does NOT
provide whole disk encryption.)

Bestcrypt (and PGP) are to be commended for this, but it falls far short
of making them open-source programs. Being only "partly closed-source" is
like being only "slightly pregnant."

> 2. What happened to you prattling on about it being "whole disk"?

Bestcrypt is described as "Whole disk encryption" under the first bullet
of the Wikipedia subheading "Features" in its article on Bestcrypt.
http://en.wikipedia.org/wiki/BestCrypt

Further, even the opening defining words of the Wikipedia article on the
topic treat "full disk encryption" and "whole disk encryption" as
synonymous.
http://en.wikipedia.org/wiki/Full_disk_encryption

If you, who are terminologically obtuse, disagree, go argue with the
Wikipedia and stop being a nuisance here.

Regards,

Box750
11-26-08, 10:34 PM
> 6) The Truecrypt forums are run in an exceedingly autocratic and
> unfriendly way, with many posts arbitrarily removed. Many topics (not
> just the ones in the posting guidelines) are "off limits." Moreover, the
> forums sometimes close unexplained for long periods (a month or more) and
> reemerge with many posts purged. The moderators make it very difficult
> for posters to contact each other directly.

I second that, Truecrypt forums are extremly low quality, they go down
when they feel like it and you can not register with them unless you
use your ISP email which takes away your anonymity.
>
> 7) The license for Truecrypt is NOT open source (e.g., doesn't meet OSI
> criteria) and is quite restrictive.

Quite right, this is the reason why almost all of the Linux
distributions will not include truecrypt, because they do not use the
GPL License. When I have suggested some distro developer to include
Truecrypt out of the box they always point at me at their restrictive
license. Open source does not mean it is necessary GPL licensed.

--
Privacylover: http://www.privacylover.com

Box750
11-26-08, 10:39 PM
>> products. Besides this, today there is no law in Germany that can force
>> us to make one in our software. =20
>
> ROTFL!
>
> JAP was back doored by the **German** authorities.
>
Thats correct, and Hushmail was backdoored by the Canadian
authorities at the request of the FBI.

But a HD encryption product is different from a proxy or Email
service, JAP and Hushmail both where backdoored to spy on a
SINGLE individual, if you backdoor a HD encryption product then
all users will be compromised regardless of who they are, this is not
admissible by any country standards, US,Germany or France.

It has been done in the past to intercept communications in mass, but
this remains illegal and no court will authorise this. This kind of
"intelligence" can not usually be used in court against you.

--
Privacylover: http://www.privacylover.com

Nightmix-Remailer
11-27-08, 11:11 AM
nemo_outis wrote:

> Anonymous <cripto@ecn.org> wrote in
> news:20081127001123.360691A77CB@isole:
>
> > nemo_outis wrote:
> >
> >> My personal preference (yes, even over Truecrypt) is closed-source
> >> commercial Bestcrypt Volume Encryption from Jetico (in Finland).
> >> Cutting
> >
> > 1. Bestcrypt isn't closed source, you ninny.
>
> Bestcrypt Volume Encryption, the whole-disk version for Windows, is
> closed source. *Some but NOT all* of the source code is available for

Sorry, but you're mistaken.

> (PGP Whole Disk Encryption also makes part but NOT all of its source code

Good grief. You got spanked on this one months ago with a link
right to the complete source code package.

> Bestcrypt is described as "Whole disk encryption" under the first bullet
> of the Wikipedia

Wikipedia... now there's an authoritative source.

Jetico says it's not whole disk, Wikipedia says it is, and you like
a ******* go with Wikipedia just to try and avoid admitting you're
wrong.

You poor, pathetic, git. If you weren't such a pompous blowhard I'd
actually feel sorry for you.

~~~~~~~~~~~~~~~~~~~~~
This message was posted via one or more anonymous remailing services.
The original sender is unknown. Any address shown in the From header
is unverified. Please report spam or misuse to the remailer-operator:
<nightmix@fahr-zur-hoelle.org>

nemo_outis
11-27-08, 12:08 PM
Nightmix-Remailer <spam_for_blackhole@nurfuerspam.de> wrote in
news:HHMKL2PG39779.7577199074@blackhole.org:

*******, you're just noise on the channel.

Go argue with Wikipedia or Bestcrypt or anyone else if you think they will
take you seriously - I won't.

jc
11-27-08, 12:41 PM
Anonymous wrote:
> nemo_outis wrote:
>
>> My personal preference (yes, even over Truecrypt) is closed-source
>> commercial Bestcrypt Volume Encryption from Jetico (in Finland). Cutting
>
> 1. Bestcrypt isn't closed source, you ninny.
>

Read the BestCrypt license, it fails the open standard requirements at
every level. Among other things, the user is not allowed to modify the
code. That the source code is available for review is important, but it
is not open source.


jc

> 2. What happened to you prattling on about it being "whole disk"?
>
>

Non scrivetemi
11-27-08, 10:51 PM
In article <Xns9B6367351E441pqwertyu@69.16.185.247>
"nemo_outis" <abc@xyz.com> wrote:
>
> Nightmix-Remailer <spam_for_blackhole@nurfuerspam.de> wrote in
> news:HHMKL2PG39779.7577199074@blackhole.org:
>
> *******, you're just noise on the channel.
>
> Go argue with Wikipedia or Bestcrypt or anyone else if you think they will
> take you seriously - I won't.

http://www.jetico.com/bcve_web_help/index.php?info=html/01_introduction/02_what_is_ve.htm

What is Volume Encryption

The chapter explains why BestCrypt Volume Encryption (a line in
BestCrypt family of encryption software products) has got Volume
Encryption name. Many people may think that Volume Encryption is the
same as Partition Encryption or even Whole Disk Encryption. Sometimes
it is really so, but not always, and it is worth to learn about the
difference.

The idea of Whole Disk Encryption software is rather simple. Such
software works with physical hard drive and is intended to encrypt all
the sectors on the hard drive. In real life software usually does not
encrypt first sectors (usually 63 sectors) reserved for future use (the
latest versions of Windows can use these sectors). Whole Disk
Encryption software encrypts every hard drive on computer
independently, often with different encryption keys.

Whole Disk Encryption
Figure 1. Whole Disk Encryption

Partition Encryption software usually works on basic disks. It is a
more flexible way of encrypting data, because it allows the user to
open (enter password and get access to) different encrypted partitions
independently. Note that if a partition occupies the whole hard drive
(as partition C: on the Figure 2 below), Partition Encryption works for
the user as Whole Disk Encryption.

Partition Encryption
Figure 2. Partition Encryption

Since Windows NT time, the Windows operating system allows the user to
create multi-partition volumes. Windows can combine several partitions
(even stored on different physical hard drives) into a large single
"partition" called Volume. It is a significant step forward, at least
because such volumes allow the user to:

* create a larger single logical unit to store files (spanned
volumes);
* get more reliable way to store sensitive data (mirrored and RAID-
5 volumes);
* get higher overall performance of IO operations (striped and RAID-
5 volumes).

We call encryption software working with volumes Volume Encryption
software. Note that if Volume Encryption software encrypts a volume
consisting of a single partition, for the user it will give the same
result as Partition Encryption software. If a single partition occupies
the whole hard drive, Volume Encryption will be equal both to Whole
Disk Encryption and Partition Encryption. Encrypting of basic partition
C: on Figure 3 below illustrates that.

Volume Encryption
Figure 3. Volume Encryption

What kind of encryption is better? Partition Encryption software
usually works on basic partitions. If so, it will not be able to
recognize and work with dynamic disks where spanned, RAID-5 or other
types of volumes reside.

With Whole Disk Encryption software the user can separately encrypt all
the hard disks where volumes are stored (like HDD2, HDD3 and HDD4 on
the picture above). But every time the user administrates the hard
drives, he/she should always keep in mind what hard drives must be
opened to get some volume accessible. If some hard drive is not opened
(i.e. password not entered and transparent decrypting not started), the
filesystem structure of the volume can be damaged, since Windows may
notice that one part of the volume is consistent, but another one
contains garbage, hence, fixing is required.

Volume Encryption software works with volume as with a single portion
of data. Volume is always in one of the two definite states: if
password is not entered, the whole volume is not accessible. If the
user enters the proper password and opens the volume, all its parts,
even stored on different hard drives, become accessible. In our
opinion, working with volumes is more native both for the user and
computer, because it is a volume that stores a complete filesystem
structure and a complete tree of the user's files. As in the modern
world single volume stores data scattered on a number of physical
disks, it is more convenient and safe to manage a volume, rather than
work with every physical drive separately.

nemo_outis
11-27-08, 11:25 PM
"Non scrivetemi" <nonscrivetemi@pboxmix.winstonsmith.info> wrote in
news:8a8d9975d8d9f9492d4a88ecbd63b24a@pboxmix.winstonsmith.info:

Shhh, the adults are talking. So do be a dear and **** off.

Ari
11-28-08, 07:22 AM
On Wed, 26 Nov 2008 16:46:38 GMT, nemo_outis wrote:

> Truecrypt is an excellent program BUT...
>
> 1) You have no idea who the developers are (they remain pseudonymous)
>
> 2) Very few people compile the Windows binaries from source; it is
> exceedingly difficult to generate binaries from source that match the
> binaries provided by Truecrypt (due to compiler options, etc.)
>
> 3) There are NO (zip, nada, zilch) published detailed reviews of the
> source code. Availability of open-source *doesn't* mean that reviews
> actually get done!
>
> 4) Truecrypt has ruthlessley suppressed all earlier versions (from
> wayback, sourceforge, oldapps, etc.) even though they were supposedly
> open-source (thus making incremental review impossible). This is
> ominous!
>
> 5) There is no public mechanism for submission and review of bug
> reports, etc. Any bug database, etc. is CLOSED! to the public, with only
> a "bug report form" available that goes into a black hole unacknowledged.
>
> 6) The Truecrypt forums are run in an exceedingly autocratic and
> unfriendly way, with many posts arbitrarily removed. Many topics (not
> just the ones in the posting guidelines) are "off limits." Moreover, the
> forums sometimes close unexplained for long periods (a month or more) and
> reemerge with many posts purged. The moderators make it very difficult
> for posters to contact each other directly.
>
> 7) The license for Truecrypt is NOT open source (e.g., doesn't meet OSI
> criteria) and is quite restrictive.
>
> There are a number of rationales presented in defence of the above points
> by the developers (e.g., centralized control, quality, reputation, etc.)
> but they are all, IMHO, very weak in contrast to the opposing views.
>
> In short, there is NO substantive public evidence that Truecrypt's source
> code has been the subject of thorough review, nor is there any reason to
> rely on the credentials of the developers (since they remain anonymous).
> In that absence, using Truecrypt is an act of blind faith every bit as
> much (or more!) than using a closed-source encryption program.
>
> Regards,

"You can't trust code that you did not totally create yourself"
Ken Thompson "Reflections on Trusting Trust"

nemo_outis
11-28-08, 07:51 AM
Ari <DROPTheJooseIsLoose@gmail.comCAPITALLETTERS> wrote in
news:ggorap$nqi$1@news.motzarella.org:

> "You can't trust code that you did not totally create yourself"
> Ken Thompson "Reflections on Trusting Trust"

I don't even trust code that I wrote :-)

Regards,

nemo_outis
11-28-08, 08:32 AM
Ari <DROPTheJooseIsLoose@gmail.comCAPITALLETTERS> wrote in
news:ggorap$nqi$1@news.motzarella.org:

....
>> In short, there is NO substantive public evidence that Truecrypt's
>> source code has been the subject of thorough review, nor is there any
>> reason to rely on the credentials of the developers (since they
>> remain anonymous). In that absence, using Truecrypt is an act of
>> blind faith every bit as much (or more!) than using a closed-source
>> encryption program.

> "You can't trust code that you did not totally create yourself"
> Ken Thompson "Reflections on Trusting Trust"

Yes, the above paper - which everyone here should read! - makes a very
powerful point.

But it gets worse, much worse.

Open source code is no panacea. First of all, I don't believe most open
source code gets anything more than very cursory review - if even that.
Oh sure, lots of people may briefly scan the code, a few people may look
at a few small parts of it more intensively, and if a bug or anomaly pops
up in use a few people may try to trace it back to the source code.
That's about it though.

Good thorough code review and testing is hard, tedious, painstaking work.
Hard work with little or no glory in it. Hard work, that to be truly
effective, would have to be repeated with each new software release,
including regression testing, etc. Many, many man-months using a
*structured* approach, not ad-hoc-ery. I don't think that gets done.

But it gets worse yet. Not only do I think that, in general, open-source
testing mostly doesn't get done (except on a very hit and miss basis),
the problem is far worse for cryptographic code. Cryptographic code
requires special expertise, expertise in short supply. Here the "many
eyes" concept of open-source code inspection breaks down badly, since so
few of those eyes are qualified.

But it gets worse yet. As Ross Anderson (of Cambridge) points out in
several scholarly papers, open source opens the code to *both* white hats
and black hats, aiding both defence and offence. The black hats are
looking for exploitable flaws, and having the source code is a big help.
Worse yet, with crypto code, the black hats (e.g., the NSA) may have much
more motivation, much better-qualified people, and much bigger budgets
than the white hats. And, obviously, the black hats aren't going to
publish their findings.

But it gets worse yet. Open source review has some chance (not nearly as
good as is commonly thought IMHO) of winkling out bugs, but it is much
less likely to be effective at outing backdoors that have been created
and carefully disguised by skilled opponents (I'll answer objections
about JAP, etc. if called upon). The proof of how hard it can be to find
carefully crafted flaws in code (rather than ordinary unintentional ones)
is illustrated brilliantly by the annual "Underhanded C" contest. You
can stare for an hour at 20 lines of code, knowing that there is a bug
there, and exactly what kind of bug it is, and still not see it. If the
NSA has tens of thousands of lines of source code to sneak in a flaw I
have little doubt that the chances of it being outed by less than man-
years of careful inspection is damned near zero. Open source may work
for outing bugs, but outing good backdoors is a whole different game!

Ain't life a bitch?

Regards,

Nomen Nescio
11-28-08, 10:10 AM
jc wrote:

> Anonymous wrote:
> > nemo_outis wrote:
> >
> >> My personal preference (yes, even over Truecrypt) is closed-source
> >> commercial Bestcrypt Volume Encryption from Jetico (in Finland). Cutting
> >
> > 1. Bestcrypt isn't closed source, you ninny.
> >
>
> Read the BestCrypt license, it fails the open standard

<snip>

Who said it did?

My god you people are idiots. On one hand you have the mouth that
roared calling source that's open for public inspection "closed",
and on the other you have someone chiming in to tell the world
they're not bright enough to understand there's a whole range of
possibilities between closed source, and strict compliance to GNU
open source standards.

Absolutely amazing. No wonder Usenet is such a toilet.

Ari
11-28-08, 11:48 AM
Ari spoke Einsteinienaly:

>> "You can't trust code that you did not totally create yourself"
>> Ken Thompson "Reflections on Trusting Trust"

On Fri, 28 Nov 2008 14:32:16 GMT, nemo_outis wrote:

> Yes, the above paper - which everyone here should read! - makes a very
> powerful point.
>
> But it gets worse, much worse.
>
> Open source code is no panacea. First of all, I don't believe most open
> source code gets anything more than very cursory review - if even that.
> Oh sure, lots of people may briefly scan the code, a few people may look
> at a few small parts of it more intensively, and if a bug or anomaly pops
> up in use a few people may try to trace it back to the source code.
> That's about it though.

It's cost prohibitive, time prohibitive, less than stellar science and
****ing hard to do.

> Good thorough code review and testing is hard, tedious, painstaking work.

lol I should read ahead.

> Hard work with little or no glory in it. Hard work, that to be truly
> effective, would have to be repeated with each new software release,
> including regression testing, etc. Many, many man-months using a
> *structured* approach, not ad-hoc-ery. I don't think that gets done.
>
> But it gets worse yet. Not only do I think that, in general, open-source
> testing mostly doesn't get done (except on a very hit and miss basis),
> the problem is far worse for cryptographic code. Cryptographic code
> requires special expertise, expertise in short supply. Here the "many
> eyes" concept of open-source code inspection breaks down badly, since so
> few of those eyes are qualified.

Then you have to qualify the qualified to see if they are truly
qualified.

> But it gets worse yet. As Ross Anderson (of Cambridge) points out in
> several scholarly papers, open source opens the code to *both* white hats
> and black hats, aiding both defence and offence. The black hats are
> looking for exploitable flaws, and having the source code is a big help.
> Worse yet, with crypto code, the black hats (e.g., the NSA) may have much
> more motivation, much better-qualified people, and much bigger budgets
> than the white hats. And, obviously, the black hats aren't going to
> publish their findings.

Plus they can bring enormous pressure on the original coders since they
aren't the most moral of the rotting bunch of TLAs.

> But it gets worse yet. Open source review has some chance (not nearly as
> good as is commonly thought IMHO) of winkling out bugs, but it is much
> less likely to be effective at outing backdoors that have been created
> and carefully disguised by skilled opponents (I'll answer objections
> about JAP, etc. if called upon). The proof of how hard it can be to find
> carefully crafted flaws in code (rather than ordinary unintentional ones)
> is illustrated brilliantly by the annual "Underhanded C" contest. You
> can stare for an hour at 20 lines of code, knowing that there is a bug
> there, and exactly what kind of bug it is, and still not see it. If the
> NSA has tens of thousands of lines of source code to sneak in a flaw I
> have little doubt that the chances of it being outed by less than man-
> years of careful inspection is damned near zero. Open source may work
> for outing bugs, but outing good backdoors is a whole different game!
>
> Ain't life a bitch?
>
> Regards,

Your position and mine are about the same. The above may come off as a
rant but I am fully convinced of the excellent viciousness the NSA in
particular has their handiwork in code. The fact that it is nearly
impossible /if/ you went looking for a backdoor /to find one/ has to be
one of the goldenest ops for them to advantage.

Serious as a last heartbeat, I expect that they have capabilities in all
OS, all major financial transaction software, SAP, Oracle blah
blah...the fool is the not the one who believes *everything* is
compromised....then backs away to a more pratical POV..the fool is the
one who starts from "let's find where they have done their handiwork and
see if we can find some and progresses up that from that level of
naïveté.


--
Meet Ari!
http://tr.im/1fa3

Marty
11-28-08, 12:10 PM
On Fri, 28 Nov 2008 12:48:38 -0500, Ari
<DROPTheJooseIsLoose@gmail.comCAPITALLETTERS> wrote:

>>
>> Open source code is no panacea. [SNIP]
>
>> Hard work with little or no glory in it. [SNIP]
>>
>> Here the "many
>> eyes" concept of open-source code inspection breaks down badly, since so
>> few of those eyes are qualified. [SNIP]

>> The black hats are
>> looking for exploitable flaws, and having the source code is a big help. [SNIP]

In the meantime, Linux is growing and thriving. And for some reason
you don't need a new operating system to run new hardware - like
USB on Win9x because there is no driver available. Imagine that.


Marty

George Orwell
11-28-08, 12:23 PM
>
> But it gets worse yet. Open source review has some chance (not nearly as
> good as is commonly thought IMHO) of winkling out bugs, but it is much
> less likely to be effective at outing backdoors that have been created
> and carefully disguised by skilled opponents (I'll answer objections
> about JAP, etc. if called upon). The proof of how hard it can be to find
> carefully crafted flaws in code (rather than ordinary unintentional ones)
> is illustrated brilliantly by the annual "Underhanded C" contest. You
> can stare for an hour at 20 lines of code, knowing that there is a bug
> there, and exactly what kind of bug it is, and still not see it. If the
> NSA has tens of thousands of lines of source code to sneak in a flaw I
> have little doubt that the chances of it being outed by less than man-
> years of careful inspection is damned near zero. Open source may work
> for outing bugs, but outing good backdoors is a whole different game!
>
> Ain't life a bitch?
>
> Regards,

An interesting read. Scary too. Maybe I'll go back to OTP, using my
caesium decay for the RN source. Tedious, but no back doors and no
sneaky code. Unless god works for the NSA.

nemo_outis
11-28-08, 12:37 PM
Ari <DROPTheJooseIsLoose@gmail.comCAPITALLETTERS> wrote in
news:ggpatm$uau$1@news.motzarella.org:

> Your position and mine are about the same.


Not quite.

I speak of how open source is not a panacea. Of how the *potential* of
open source for thorough review and testing is almost never *realized* -
especially for crypto programs. Of how bugs *may* be exploited and how
backdoors *might* be inserted and remain undetected in open-source code.
Of what the NSA and other adversaries *may* be doing.

But for many of the same reasons that support the *possiblity* of the NSA
doing such things, I can draw no conclusion whether (and/or to what
extent) they are *really* doing so. That would be speculation and
surmise.

However, depending on their threat model and risk and consequence
analysis, some parties *may* choose to base their precautions on
scenarios approaching such worst-case possibilities.

Regards,

PS The resources and capabilities of the NSA (and such), great as they
are, are limited and finite. I suspect (but, for obvious reasons, do not
know) that the NSA is very selective in which programs it compromises.
For instance, Windows would be extremely attractive because of its
ubiquity, and also because mechanisms like frequent updates provide
attractive paths for ongoing compromise in the face of new
opportunities/threats. Moreover Windows provides an avenue to compromise
any program run under it, including completely "clean" crypto programs.

Compromising all the many crypto programs out there individually would be
very difficult, even for the NSA (unless, say, AES has a flaw). So many
contacts with crypto companies/organizations would, for instance, carry a
high risk of disclosure.

However, putting out one "ostensibly very good" program cheap or free for
subsequent widespread adoption could easily be done by the NSA.
Truecrypt could, for example, be such a program. (I emphasize "could" -
I have absolutely no substantive evidence for this being true.)

nemo_outis
11-28-08, 12:48 PM
George Orwell <nobody@mixmaster.it> wrote in
news:64a9ae567d05254aa28829abd480fe15@mixmaster.it:

> An interesting read. Scary too. Maybe I'll go back to OTP, using my
> caesium decay for the RN source. Tedious, but no back doors and no
> sneaky code. Unless god works for the NSA.

Even OTP won't save you if your computer OS has been compromised.

As for crypto guarantees, I wouldn't accept one from God Himself except
maybe if I also had a non-compete agreement signed by the Devil :-)

Regards,

nemo_outis
11-28-08, 12:51 PM
Nomen Nescio <nobody@dizum.com> wrote in
news:751124944d936a1f05a0ade1767aa5da@dizum.com:

> Absolutely amazing. No wonder Usenet is such a toilet.

Thanks for adding your incremental turd.

anonymous
11-28-08, 03:15 PM
> George Orwell <nobody@mixmaster.it> wrote in
> news:64a9ae567d05254aa28829abd480fe15@mixmaster.it:
>
>> An interesting read. Scary too. Maybe I'll go back to OTP, using my
>> caesium decay for the RN source. Tedious, but no back doors and no
>> sneaky code. Unless god works for the NSA.
>
> Even OTP won't save you if your computer OS has been compromised.
>
> As for crypto guarantees, I wouldn't accept one from God Himself except
> maybe if I also had a non-compete agreement signed by the Devil :-)
>
> Regards,

Then you truly would have deceived yourself, making any agreement
with
the devil.

nemo_outis
11-28-08, 04:02 PM
anonymous <anon@domain.invalid> wrote in news:ggpn1e$6p5$1@news.mixmin.net:

> Then you truly would have deceived yourself, making any agreement
> with the devil.


My transactions with the Devil have been eminently satisfactory, those with
God considerably more problematic :-)

Regards,

anonymous
11-28-08, 04:07 PM
> anonymous <anon@domain.invalid> wrote in news:ggpn1e$6p5$1@news.mixmin.net:
>
>> Then you truly would have deceived yourself, making any agreement
>> with the devil.
>
>
> My transactions with the Devil have been eminently satisfactory, those with
> God considerably more problematic :-)
>
> Regards,

OOH, but the payment that is comming due!

nemo_outis
11-28-08, 05:19 PM
anonymous <anon@domain.invalid> wrote in
news:ggpq3p$a9r$1@news.mixmin.net:


>> My transactions with the Devil have been eminently satisfactory,
>> those with God considerably more problematic :-)
>>
>> Regards,
>
> OOH, but the payment that is comming due!

Voltaire on his deathbed was urged by an attending priest to renounce the
Devil. Voltaire replied, "Now is not a good time to be making new
enemies."

Regards,

Ari
11-28-08, 06:31 PM
On Fri, 28 Nov 2008 18:37:32 GMT, nemo_outis wrote:

> The resources and capabilities of the NSA (and such), great as they
> are, are limited and finite. I suspect (but, for obvious reasons, do not
> know) that the NSA is very selective in which programs it compromises.

So you don't think have my pink/baby blue tray icon "You're USB stick is
deep inside my 2.0 slot" notification tool is compromised?

> For instance, Windows would be extremely attractive because of its
> ubiquity, and also because mechanisms like frequent updates provide
> attractive paths for ongoing compromise in the face of new
> opportunities/threats. Moreover Windows provides an avenue to compromise
> any program run under it, including completely "clean" crypto programs.

I assume it is.

> Compromising all the many crypto programs out there individually would be
> very difficult, even for the NSA (unless, say, AES has a flaw). So many
> contacts with crypto companies/organizations would, for instance, carry a
> high risk of disclosure.

They could compromise four or five packages and get both wide
international results or one package which dominates an important
software/business sector. E.g. PROMIS

http://tr.im/1m3v

nemo, you know geographically that is my ole stompin' grounds.

> However, putting out one "ostensibly very good" program cheap or free for
> subsequent widespread adoption could easily be done by the NSA.
> Truecrypt could, for example, be such a program. (I emphasize "could" -
> I have absolutely no substantive evidence for this being true.)

How about Unix/Linux?
--
Meet Ari!
http://tr.im/1fa3

Ari
11-28-08, 06:33 PM
On Fri, 28 Nov 2008 18:10:25 GMT, Marty wrote:

> On Fri, 28 Nov 2008 12:48:38 -0500, Ari
> <DROPTheJooseIsLoose@gmail.comCAPITALLETTERS> wrote:
>
>>>
>>> Open source code is no panacea. [SNIP]
>>
>>> Hard work with little or no glory in it. [SNIP]
>>>
>>> Here the "many
>>> eyes" concept of open-source code inspection breaks down badly, since so
>>> few of those eyes are qualified. [SNIP]
>
>>> The black hats are
>>> looking for exploitable flaws, and having the source code is a big help. [SNIP]
>
> In the meantime, Linux is growing and thriving. And for some reason
> you don't need a new operating system to run new hardware - like
> USB on Win9x because there is no driver available. Imagine that.
>
> Marty

McFly, if you don't think that distros of Linux can be comprmised,
you're delusional.

Imagine that.
--
Meet Ari!
http://tr.im/1fa3

grrrl germs
11-28-08, 07:08 PM
"Ari" <DROPTheJooseIsLoose@gmail.comCAPITALLETTERS> wrote in message
news:ggq2ht$gut$1@news.motzarella.org...
> On Fri, 28 Nov 2008 18:37:32 GMT, nemo_outis wrote:
>
>> The resources and capabilities of the NSA (and such), great as they
>> are, are limited and finite. I suspect (but, for obvious reasons, do
>> not
>> know) that the NSA is very selective in which programs it compromises.
>
> So you don't think have my pink/baby blue tray icon "You're USB stick is
> deep inside my 2.0 slot" notification tool is compromised?
>
>> For instance, Windows would be extremely attractive because of its
>> ubiquity, and also because mechanisms like frequent updates provide
>> attractive paths for ongoing compromise in the face of new
>> opportunities/threats. Moreover Windows provides an avenue to
>> compromise
>> any program run under it, including completely "clean" crypto programs.
>
> I assume it is.
>
>> Compromising all the many crypto programs out there individually would
>> be
>> very difficult, even for the NSA (unless, say, AES has a flaw). So
>> many
>> contacts with crypto companies/organizations would, for instance, carry
>> a
>> high risk of disclosure.
>
> They could compromise four or five packages and get both wide
> international results or one package which dominates an important
> software/business sector. E.g. PROMIS
>
> http://tr.im/1m3v
>
> nemo, you know geographically that is my ole stompin' grounds.
>


wot ARE u talkin' about, mister? i bet its complicated. it looks
complicatred. today's gud news IS one bully in heer got OWNED and the
other got warned about Nic. did U kno that? i'm going to put it on my
blog. donald says U might have a crush on me ! R U nice? if U hav a
crush U can test it at DR LOVE's LOVECALCULATOR
http://www.lovecalculator.com/

U got 24 http://www.lovecalculator.com/love.php?name1=ari&name2=grrrlgerms
so U dont have a crush that means U can't be a PERV on me then. UR ok.
but a bit boring.
i checked out Alric Knebel (cos hes been STALKING me). we got 71
http://www.lovecalculator.com/love.php?name1=Alric+Knebel+&name2=grrrlgerms .
I think he's a PERV. i mean 71 is high. how high does it HAVE to be
before a perv attaks? U and Nic can protect me if U like.

i checked out BULLY bear bottoms and he got 11. maybe its becuase hes not
normal and wants to FLAGILATE me (that means whip) or bully me. is he
GAY? i mean theres nothing rong about someone being GAY as long as theyre
not homosexual.

im going to try that calculator on other people.



--

no invitations for the moment

Anonymous Remailer
11-30-08, 06:47 PM
nemo_outis wrote:

> anonymous <anon@domain.invalid> wrote in
> news:ggpq3p$a9r$1@news.mixmin.net:
>
>
> >> My transactions with the Devil have been eminently satisfactory,
> >> those with God considerably more problematic :-)
> >>
> >> Regards,
> >
> > OOH, but the payment that is comming due!
>
> Voltaire on his deathbed was urged by an attending priest to renounce the
> Devil. Voltaire replied, "Now is not a good time to be making new
> enemies."

It seems only fitting that one of the historical entities you
"connect" with enough to cite in defense of your asininity,
would happen to be one that rotted away, and eventually died, of
syphilis.

Nightmix-Remailer
11-30-08, 07:22 PM
nemo_outis wrote:

> Nomen Nescio <nobody@dizum.com> wrote in
> news:751124944d936a1f05a0ade1767aa5da@dizum.com:
>
> > Absolutely amazing. No wonder Usenet is such a toilet.
>
> Thanks for adding your incremental turd.

I notice you don't have the balls to refute the fact that you're a
congenital liar regarding the openness of Truecrypt source code, and
your idiot-savant is a congenital dimwit who actually thinks
there's a crumb of credibility to anything you say. No, you had to
snip and run from all that and make one of your failed attempts to
be cute, as cover. Didn't you kiddo.

That makes you an exposed coward, and me the Tidy Bowl Man.

That's right. Gotcha *again*, bitch. :-p

Gonna crumble into your usual pile of quivering "blither" spew for
us this time?
~~~~~~~~~~~~~~~~~~~~~
This message was posted via one or more anonymous remailing services.
The original sender is unknown. Any address shown in the From header
is unverified. Please report spam or misuse to the remailer-operator:
<nightmix@fahr-zur-hoelle.org>

nemo_outis
11-30-08, 07:49 PM
Anonymous Remailer <mix@awxcnx.de> wrote in
news:778d831da5a05a873ad506f3a63d9505@awxcnx.de:

>> Voltaire on his deathbed was urged by an attending priest to renounce
>> the Devil. Voltaire replied, "Now is not a good time to be making
>> new enemies."
>
> It seems only fitting that one of the historical entities you
> "connect" with enough to cite in defense of your asininity,
> would happen to be one that rotted away, and eventually died, of
> syphilis.

You're a feckin' moron, and with this gem you've won the non-sequitur of
the week award!

Voltaire lived to 84 (a ripe old age for those days) and the cause of his
death was unspecified - there's not a hint of him having syphilis. Perhaps
in the muddled porridge of your brain you confused Voltaire with his
fictional character, Dr. Pangloss?

Regards,

nemo_outis
11-30-08, 07:51 PM
Nightmix-Remailer <spam_for_blackhole@nurfuerspam.de> wrote in
news:4EIR8FIP39783.0986226852@blackhole.org:

It's nice you have access to a computer down there at the home for the
feeble-minded.

Ari
12-01-08, 01:08 AM
On 1 Dec 2008 01:22:01 -0000, Nightmix-Remailer wrote:

> nemo_outis wrote:
>
>> Nomen Nescio <nobody@dizum.com> wrote in
>> news:751124944d936a1f05a0ade1767aa5da@dizum.com:
>>
>>> Absolutely amazing. No wonder Usenet is such a toilet.
>>
>> Thanks for adding your incremental turd.
>
> I notice you don't have the balls to refute the fact that you're a
> congenital liar

My God! nemo lied as a fetus! Nemo, you never told me! lol
--
Meet Ari!
http://tr.im/1fa3

Ari
12-01-08, 01:09 AM
On Mon, 01 Dec 2008 01:47:11 +0100, Anonymous Remailer wrote:

> nemo_outis wrote:
>
>> anonymous <anon@domain.invalid> wrote in
>> news:ggpq3p$a9r$1@news.mixmin.net:
>>
>>>> My transactions with the Devil have been eminently satisfactory,
>>>> those with God considerably more problematic :-)
>>>>
>>>> Regards,
>>>
>>> OOH, but the payment that is comming due!
>>
>> Voltaire on his deathbed was urged by an attending priest to renounce the
>> Devil. Voltaire replied, "Now is not a good time to be making new
>> enemies."
>
> It seems only fitting that one of the historical entities you
> "connect" with enough to cite in defense of your asininity,
> would happen to be one that rotted away, and eventually died, of
> syphilis.

BWAHAHAHAAAA. Your anonymous Google ****ed your history lesson up.
--
Meet Ari!
http://tr.im/1fa3

Nomen Nescio
12-01-08, 08:40 AM
nemo_outis wrote:

> Ari <DROPTheJooseIsLoose@gmail.comCAPITALLETTERS> wrote in
> news:ggorap$nqi$1@news.motzarella.org:
>
> ...
> >> In short, there is NO substantive public evidence that Truecrypt's
> >> source code has been the subject of thorough review, nor is there any
> >> reason to rely on the credentials of the developers (since they
> >> remain anonymous). In that absence, using Truecrypt is an act of
> >> blind faith every bit as much (or more!) than using a closed-source
> >> encryption program.
>
> > "You can't trust code that you did not totally create yourself"
> > Ken Thompson "Reflections on Trusting Trust"
>
> Yes, the above paper - which everyone here should read! - makes a very
> powerful point.

If you're a moron. There's nothing wrong with trusting code someone
else wrote. individuals, businesses, and even governments do it
every day with no ill effects. The key is learning enough to know
WHICH code to trust and definitely not listening to idiots like you.

>
> But it gets worse, much worse.
>
> Open source code is no panacea.

Nobody ever said it was. It makes you feel like a grownup to lie
and try to make it sound like someone did, but it never happened.

Once again, open source is an additional barrier for bad or evil
code to overcome. The ideal would be poth public and private review.

> First of all, I don't believe most open
> source code gets anything more than very cursory review

Yeah, that's why the last two flaws in GnuPG were discovered by an
independent reviewer. And why the last SSL bug was discovered the
same way.

Never mind the fact that reality PROVES it works or anything, just
go ahead on and blither.

> Good thorough code review and testing is hard, tedious, painstaking work.

Wy do you suppose it is you have to pretend it's an either/or world
just to try and make a point?

Do you suppose you've had your ass handed to you over this before
and now your ego just won't let you sleep unless you spread this
sort of nonsense?

Of course that's it.

<rest snipped unread>

Non scrivetemi
12-01-08, 09:22 AM
nemo_outis wrote:

> Anonymous Remailer <mix@awxcnx.de> wrote in
> news:778d831da5a05a873ad506f3a63d9505@awxcnx.de:
>
> >> Voltaire on his deathbed was urged by an attending priest to renounce
> >> the Devil. Voltaire replied, "Now is not a good time to be making
> >> new enemies."
> >
> > It seems only fitting that one of the historical entities you
> > "connect" with enough to cite in defense of your asininity,
> > would happen to be one that rotted away, and eventually died, of
> > syphilis.
>
> You're a feckin' moron, and with this gem you've won the non-sequitur of
> the week award!
>
> Voltaire lived to 84 (a ripe old age for those days) and the cause of his
> death was unspecified

I see you're still having a fling with Wikipedia.

What an idiot you've become.

Dave U. Random
12-01-08, 09:32 AM
nemo_outis wrote:

> Ari <DROPTheJooseIsLoose@gmail.comCAPITALLETTERS> wrote in
> news:ggorap$nqi$1@news.motzarella.org:
>
> > "You can't trust code that you did not totally create yourself"
> > Ken Thompson "Reflections on Trusting Trust"
>
> I don't even trust code that I wrote :-)

Join the club.

Cyberiade.it Anonymous Remailer
12-01-08, 10:30 AM
nemo_outis wrote:

> Nightmix-Remailer <spam_for_blackhole@nurfuerspam.de> wrote in
> news:4EIR8FIP39783.0986226852@blackhole.org:
>
> It's nice you have access to a computer down there at the home for the
> feeble-minded.

I notice you don't have the balls to refute the fact that you're a
congenital liar regarding the openness of Truecrypt source code, and
your idiot-savant is a congenital dimwit who actually thinks
there's a crumb of credibility to anything you say. No, you had to
snip and run from all that and make one of your failed attempts to
be cute, as cover. Didn't you kiddo.

That makes you an exposed coward, and me the Tidy Bowl Man.

That's right. Gotcha *again*, bitch. :-p

Gonna crumble into your usual pile of quivering "blither" spew for
us this time?

nemo_outis
12-01-08, 11:30 AM
"Non scrivetemi" <nonscrivetemi@pboxmix.winstonsmith.info> wrote in
news:ca202cfc2ae0773ce7bb7d626578d71c@pboxmix.winstonsmith.info:

The whining mosquitoes are back. Swat!

nemo_outis
12-01-08, 11:30 AM
Dave U. Random <anonymous@anonymitaet-im-inter.net> wrote in
news:4bbaa80ca7a3b0c2d357556193d11fb1@anonymitaet-im-inter.net:

Swat!

nemo_outis
12-01-08, 11:30 AM
Cyberiade.it Anonymous Remailer <anonymous@remailer.cyberiade.it> wrote in
news:999610dabdf12eba4e2166aa005ea5ad@remailer.cyberiade.it:

Swat!

nemo_outis
12-01-08, 11:35 AM
Nomen Nescio <nobody@dizum.com> wrote in
news:9a40691ce18694ce96b6bf57783460be@dizum.com:

>>> "You can't trust code that you did not totally create yourself"
>>> Ken Thompson "Reflections on Trusting Trust"

>> Yes, the above paper - which everyone here should read! - makes a
>> very powerful point.

> If you're a moron.

Dear, dear! What to do? What to do? Listen to K. Thompson - a giant of
computing, the recipient of the Turing Award, the corecipient (with
Ritchie) of the National Medal of Technology from President Clinton for co-
inventing the UNIX operating system and the C programming language - in his
paper published by the ACM, which is considered a classic of computer
literature, or instead to the whinings of an anonymous troll?

Back under your bridge, troll!

Anonymous Remailer (austria)
12-02-08, 08:30 AM
nemo_outis wrote:

> Cyberiade.it Anonymous Remailer <anonymous@remailer.cyberiade.it> wrote in
> news:999610dabdf12eba4e2166aa005ea5ad@remailer.cyberiade.it:
>
> Swat!

I notice you don't have the balls to refute the fact that you're a
congenital liar regarding the openness of Truecrypt source code, and
your idiot-savant is a congenital dimwit who actually thinks
there's a crumb of credibility to anything you say. No, you had to
snip and run from all that and make one of your failed attempts to
be cute, as cover. Didn't you kiddo.

That makes you an exposed coward, and me the Tidy Bowl Man.

That's right. Gotcha *again*, bitch. :-p

Gonna crumble into your usual pile of quivering "blither" spew for
us this time?

nemo_outis
12-02-08, 10:34 AM
Swat!

Anonymous Remailer (austria)
12-02-08, 02:12 PM
Ari wrote:

> On 1 Dec 2008 01:22:01 -0000, Nightmix-Remailer wrote:
>
> > nemo_outis wrote:
> >
> >> Nomen Nescio <nobody@dizum.com> wrote in
> >> news:751124944d936a1f05a0ade1767aa5da@dizum.com:
> >>
> >>> Absolutely amazing. No wonder Usenet is such a toilet.
> >>
> >> Thanks for adding your incremental turd.
> >
> > I notice you don't have the balls to refute the fact that you're a
> > congenital liar
>
> My God! nemo lied as a fetus! Nemo, you never told me! lol

Nah, he's just genetically incapable of telling the truth when
he's proved wrong about something because he mistakenly believes
he's saving face. Not quite so afflicted as a poor soul like you,
who's compelled to lie even when the truth sounds better, but the
same general sort of ******* in any case.

Anonymous Remailer
12-03-08, 12:33 AM
nemo_outis wrote:

> Swat!

I notice you don't have the balls to refute the fact that you're a
congenital liar regarding the openness of Truecrypt source code, and
your idiot-savant is a congenital dimwit who actually thinks
there's a crumb of credibility to anything you say. No, you had to
snip and run from all that and make one of your failed attempts to
be cute, as cover. Didn't you kiddo.

That makes you an exposed coward, and me the Tidy Bowl Man.

That's right. Gotcha *again*, bitch. :-p

Gonna crumble into your usual pile of quivering "blither" spew for
us this time?

Fred C Dobbs
12-03-08, 01:43 AM
In article <Xns9B6857461A26pqwertyu@69.16.185.247>
"nemo_outis" <abc@xyz.com> wrote:
>
> Swat!

Don't you mean "Twat!" ?

Because that's what you are!

nemo_outis
12-03-08, 10:05 AM
Swat!

nemo_outis
12-03-08, 10:05 AM
Swat!