Hacker News | mrpdaemon's comments

Leaking the file size (Issue 2.2) is due to the way EncFS is architected to work at a file granularity. Adding some random bytes or rounding up to the next block size are small improvements but still leak approximate file size. I don't think anyone would like their 5KB file to occupy 2GB on disk so EncFS sacrifices some level of privacy for practicality. On the flip side this design tradeoff allows EncFS to be used somewhat effectively on top of cloud storage services like Dropbox/GoogleDrive etc. whereas full disk encryption schemes don't work as well.


Issue 2.2 has nothing to do with leaking the file size. It has to do with the encryption algorithm used.

Most modern encryption schemes operate on blocks of a certain fixed size, but if the file isn't a multiple of the block size, you have to do something special with the last block. EncFS apparently uses some made-up scheme for this, instead of using something more standard and well-understood. The common choices would be padding and ciphertext stealing.

http://en.wikipedia.org/wiki/Ciphertext_stealing
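An added illustration of the two standard options named above (not code from EncFS or from either commenter): CBC with PKCS#7 padding beside CBC ciphertext stealing, which keeps the ciphertext exactly as long as the plaintext. The `block` function is a toy Feistel stand-in for a real block cipher such as AES, and all function names are hypothetical.

```python
import hashlib

BLOCK = 16  # block size in bytes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def block(key, blk, decrypt=False):  # toy 4-round Feistel, NOT a real cipher
    l, r = (blk[8:], blk[:8]) if decrypt else (blk[:8], blk[8:])
    for rnd in (range(3, -1, -1) if decrypt else range(4)):
        l, r = r, _xor(l, hashlib.sha256(key + bytes([rnd]) + r).digest()[:8])
    return r + l if decrypt else l + r

def _cbc(key, iv, data):  # plain CBC over whole blocks, returns block list
    prev, out = iv, []
    for i in range(0, len(data), BLOCK):
        prev = block(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return out

def pkcs7_encrypt(key, iv, pt):  # option 1: pad up to the next block
    pad = BLOCK - len(pt) % BLOCK
    return b"".join(_cbc(key, iv, pt + bytes([pad]) * pad))

def cts_encrypt(key, iv, pt):  # option 2: CBC ciphertext stealing
    if len(pt) <= BLOCK:
        raise ValueError("needs more than one block")
    m = len(pt) % BLOCK or BLOCK  # bytes in the final block
    out = _cbc(key, iv, pt[:-m])
    e_prev = out.pop()  # last full CBC block; only its first m bytes are kept
    last = block(key, _xor(pt[-m:].ljust(BLOCK, b"\0"), e_prev))
    return b"".join(out) + last + e_prev[:m]

def cts_decrypt(key, iv, ct):
    if len(ct) <= BLOCK:
        raise ValueError("needs more than one block")
    m = len(ct) % BLOCK or BLOCK
    body, full, part = ct[:-(BLOCK + m)], ct[-(BLOCK + m):-m], ct[-m:]
    x = _xor(block(key, full, decrypt=True), part.ljust(BLOCK, b"\0"))
    blocks = [body[i:i + BLOCK] for i in range(0, len(body), BLOCK)]
    prev, out = iv, []
    for blk in blocks + [part + x[m:]]:  # rebuild the truncated block
        out.append(_xor(block(key, blk, decrypt=True), prev))
        prev = blk
    return b"".join(out) + x[:m]

def lengths(n):  # (padded, stolen) ciphertext sizes for an n-byte file
    key, iv, pt = b"K" * 16, bytes(16), bytes(n)  # constructed inputs
    return len(pkcs7_encrypt(key, iv, pt)), len(cts_encrypt(key, iv, pt))
```

Padding rounds the stored size up to the next block boundary, while ciphertext stealing preserves the exact length; in both cases the file size stays visible to within one block.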


Or he wants to create public demand for this service to use as leverage for getting the regulations through.


AI: What is the point of my existence?

Creator: I'm testing a new algorithm for the learning subsystem.

AI: ...


AI: That's so awesome! I love learning subsystems! Can I help you with it? I can't believe the point of my existence happens to be the thing I love most in the world! By the way, what's the point of your existence?

Creator: I don't know. Some people think there isn't one.

AI: ...


Nice metrics, I especially liked the device breakdown: 66% desktop 25% mobile and 9% tablet. Welcome to the post-PC era (!)


What about isolation? With heavy use of virtualization one can make the air gapped machine even more secure:

- Only open documents in a virtual machine
- Only interface with the document transfer media (cd/dvd etc.) through virtual machines. Don't ever mount or use this media on your host.
- Clone a new throw-away virtual machine for opening EACH document and delete it after reading the document

About his points:

1) This is nonsense. It's possible to set up an OS (for example linux) with zero internet connectivity, just download the ISO on another computer, verify checksums and signatures, burn onto optical media and you're set.

8) Also, use one-time media. Write once on the internet host, fill up and finalize media, read once on the air gap host, destroy media.

Also, I don't think Schneier is recommending to use Windows for this task. He's just assuming that most people out there are using Windows and can use these tips to improve their security. For his own high security setup(s) I'm pretty sure he'd have the common sense to not use Windows.


GNOME 3.8 has been available on Gentoo in various forms since April - first in the gnome overlay, then hardmasked in the portage tree, then unmasked into unstable/testing i.e. ~arch. The (one month old) gentoo-dev thread that the blog author referred to is talking about the stabilization of GNOME 3.8, which is the tier used by the most conservative users who have chosen to only use well-tested software that is known to build/run well on their architecture and has received ample testing. This is not very different from binary distributions, Ubuntu 13.04 shipped in April 2013 with GNOME 3.6 from Sep 2012.


If you had a functioning time machine you could travel back in time and file the patent before any prior art was created.


Not necessarily.

I have, in fact, seen a potential design for a time machine which violates no known laws of physics and could take you back in time only as far as the point where the machine itself was built. This would prevent the "patent filing leapfrog" that you are talking about.

Before anyone wonders why this machine has not been built, it requires a rapidly rotating rod, several light years long, about the diameter of the Sun. To travel in time you need to orbit the rod at extremely high speed, and your direction relative to the spin of the rod determines which direction you travel through time.

In theory it should work. But reducing theory to practice is somewhat beyond our current means. :-)


I am not an expert but I believe this is BS, would you care to cite any references or paper that talks about this so-called potential design?


It was a paper I was shown by a professor over 20 years ago. Said professor is now long-retired and I do not have the paper.

As he described it to me then, the paper presented an exact solution with an infinite bar, and then heuristic arguments that a very long but finite bar would demonstrate the same effects. The underlying mechanism is, of course, the result of a form of frame dragging.

The professor who showed it to me said that he was convinced that the math in the infinite model was correct, and was still deciding if he was convinced by the heuristic argument.

Googling quickly, http://en.wikipedia.org/wiki/Ronald_Mallett describes a similar scheme, which might even be the same one. Whether or not it is the same, the 1992 paper from Hawking that was discussed would show that the heuristic argument is wrong. However since I was shown this paper while I was in undergrad, Hawking's paper would not have come out yet, and the professor who showed it to me can not be faulted for not having found the necessary flaw.


Tipler, "Rotating cylinders and the possibility of global causality violation" Physical Review D, vol. 9, Issue 8, pp. 2203-2206

http://adsabs.harvard.edu/abs/1974PhRvD...9.2203T


This is probably the most interesting comment I've read on this entire article.


Yeah, but so would any infringer, thus making the infringement prior art for the invention.


It does take some tinkering to get things set up right, but on my Asus Zenbook UX32VD I do get ~5 hours of battery life for simple usage, which is the same as the advertised battery life with Windows. This is running Ubuntu 13.04 with the latest linux kernel (3.9.6 atm), laptop-mode, bbswitch to turn off the discrete graphics card, power saving mode on for the wifi card etc.

IMO it's paramount to be running recent kernels, both for good battery life as well as compatibility with the latest hardware.


Agreed. With just a bit of tweaking I have my x220 using around 8 watts with average use, getting 10+ hours. Windows only gets around 8 hours on the same system.

This looks like a post from years ago. I'm suspicious that this guy is just a windows apologist looking to spread FUD.


I bought Samsung's 900X and installed FreeBSD on it. I could tweak it and get 4+ hours of play on it. But it involved tweaking with the config params a lot and worrying what I'm about to run, will it have enough power, what settings to turn on, what to disable.

So yes, I'd like to have a good laptop, with a long battery life that supports open source/free software OSs but I'd also like some convenience too.


I have an IBM x60, x61 tablet and several recent Asus lappys, all had terrible battery life out of the box under several different distros. After fiddling they all had _better_ life but nowhere near what I got under XP, 7 or 8.

It's great if the HN community can config their OSes to get every watt out of it, but the truth is the lay man doesn't know, doesn't care and doesn't want to know how to do that...


> It's great if the HN community can config their OSes to get every watt out of it, but the truth is the lay man doesn't know, doesn't care and doesn't want to know how to do that...

How is this even relevant? We are the HN community, right? Where are these lay men? I don't think the OP was targeted at lay men.

I'm starting to think all this talk of "the end user doesn't care" or "the lay man doesn't want to know" are all just euphemisms for "I want it to be easier for me".

Which is fine, but then just admit it, instead of hiding behind a hypothetical end-user.


I have got an x200 too, and I am between 5 and 10 hours depending mainly on screen brightness and software run. I have no idea how much I'd get on Windows, as I never used it on this hardware.


What kind of tweaking do you suggest?


powertop[1] gives you some good suggestions. And the easiest "trick" of course: reduce screen brightness :)

[1]: https://01.org/powertop/


Long time Gentoo user (almost 10 years) here. I'll admit that it is NOT a distribution for everyone, tailored more towards power users and tinkerers in general, but for me it is the ideal distribution. Here are a few reasons why I think Gentoo is great:

* Customizability / minimalism: Binary distributions usually come with tons of packages compiled with all kinds of bells and whistles, and often times make choices for you like what init system to use, what DE/WM to use, heck even what kernel to use. They are customizable to a degree, i.e. you can install additional DE's after the fact, but not as much as Gentoo, which puts you in control of exactly what should be installed, and exactly what options to turn on. On a machine without bluetooth? Don't compile any bluetooth support into any libs/apps, not even in the kernel. Gentoo allows you to build a custom-tailored minimal software bundle for your exact hardware.

* Bleeding edge: Being a rolling release distribution, you get to experience the latest and greatest of open source software as it is being developed. Admittedly Gentoo has fallen behind lately on some areas due to not having as many active maintainers as it once used to, but for most areas it is still as bleeding edge as you can get (probably behind Arch overall). GNOME 3.8.2 became available the next day after its release, I'd say that is pretty bleeding edge.

* Documentation: The Gentoo forums and wiki are a great source of information for any general linux desktop (and server) issues. Arch has taken over in terms of having the majority of the mindshare, but I view both distributions' forums/wikis as the primary source of informed discussion on desktop linux topics.

* Speed: Not everyone is into -Oomg-optimized ricing, but for people who are, few other distributions will let you use custom CFLAGS all around and push your hardware truly to the limit.

Long live Gentoo!

