Re: key question

2010-03-17 Thread MFPA 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi


On Wednesday 17 March 2010 at 12:58:37 AM, in
, reynt0
wrote:


> On Mon, 15 Mar 2010 14:49:32 + MFPA wrote:   . . .
>> When the reader is Big Brother, or a potential
>> employer or blackmailer etc., that might matter. When
>> the reader is a random stranger, I prefer to think it
>> doesn't. I'm confident I don't post anything that
>> should prompt anybody to identify and come after me.
>   . . .

> Of course, if only one person subscribed to the list is
> using a gmail address, Google will have the opportunity
> to run their analytical algorithms on all posts, and
> add information they find about content, interests,
> attitudes, etc to the profiles they try to maintain
> about everyone in the known universe.

Unfortunately, even if nobody subscribes to the list with a gmail
address we have no way of knowing if anybody archives their mail to
one. Anyway, the list archives are available various places on the
internet, some of which don't make the best job of hiding people's
email addresses; Google (or anybody else) have the opportunity to
analyse the posts there.



> And isn't their
> business model based on making all that info
> conveniently usable for  anyone in the known or unknown
> universe who has a few dollars to partner with them or
> maybe even just plain pay for it?

Yes, their old "don't be evil" motto should have been suffixed with
"(do as we say, not as we do)." (-;

Unfortunately, refusing to email people on gmail addresses, as
advocated at www.google-watch.org/gmail.html and other places is
ineffective, since the recipient can simply give you a different
address and set it to forward to their gmail account.

Using https://ssl.scroogle.org/cgi-bin/nbbwssl.cgi rather than
www.google.com  as your search site feels as if it should be more
private but scroogle's lack of anything labelled "privacy policy" is
of concern.



> I have been appreciating the comments by MFPA (who
> seems to be in England?, a country with its own
> problems about personal privacy, cf
> www.privacyinternational.org/article.shtml?cmd%5B347%5D=x-347-559597
> ) as an expression of careful fastidiousness about
> privacy.

Yes, we are spied on by all sorts of entities, from police and local
government to agencies of the national government to private entities
running petrol stations, car parks, shopping centres, etc. I always
think the correct response to seeing a sign like, "this forecourt is
monitored by CCTV with ANPR," would be to cover your number plates
before entering and uncover them after leaving.

We are routinely asked for completely irrelevant personal details when
signing up for utility or banking services or when applying for a job,
and many people are still daft enough to supply them without question.

As well as spying on us, the UK government and its agencies have a
record of not protecting the information it holds. See, for example,
http://news.bbc.co.uk/1/hi/7103566.stm
http://www.securitypark.co.uk/security_article263344.html
http://news.bbc.co.uk/1/hi/7704611.stm
http://www.computing.co.uk/computing/news/2229271/176-government-breaches
http://news.softpedia.com/news/Yet-Another-Data-Leak-from-the-UK-Ministry-of-Defense-94403.shtml

These breaches alone make it vital to be as careful as reasonably
possible when sharing your personal information, and not to share
anything the other party cannot demonstrate is necessary. Giving a
unique email address each time, for example, helps to identify who is
failing to safeguard your data and should not be trusted.



- --
Best regards

MFPAmailto:expires2...@ymail.com

Don't cry because it is over - smile because it happened
-BEGIN PGP SIGNATURE-

iQCVAwUBS6E54aipC46tDG5pAQoh8QQAk75SZm2x2+t/+9AtUzYQ8vJRKEmA7E4I
K0yLgZKblIVcE8tfO2ZvPM3gS8sYAV8Suxj0Y2mila0aVjIH/YF1OEGVlf7FATv4
JHXZ91x/S4N53z67tiSbsz/YgMoKJRSd67md9oPhJDCAKaor30y02xou0fcy9veq
SaO7qHDA9/Q=
=fVEB
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Where to find g13?

2010-03-17 Thread C. Andrews Lavarre 
Hello. Can someone please show me a link to download and install *G13*,
the LUKS replacement? Alternatively, would you suggest an exit to the
quagmire below... Extensive googling has not succeeded.

I am on OpenSuSE 11.2 (kernel 2.6.31.12-0.1-default) with their
selection of GPG 1.2.0.12-2.3. I've tried upgrading directly from
gnupg.org and end up with the same version.

I'm trying to install OpenVAS and Nessus. Both fail with the installed
gpgme 1.2.0-2.5.

Googling tells me that gpgme 1.1.18 works, but I haven't been able to
find that, although I *have* obtained gpgme 1.3.0 source.

Compiling gpgme 1.3.0 from source fails with a warning that g13 is not
available. I cannot find a copy on my system or in its repositories.

It is just a *configure* warning, so I can proceed to *make*, but then
that then fails with
error: assuan.h: No such file or directory

We load libassuan and try again. But it still fails.

So I'm getting nowhere fast.

Thanks in advance, Andy

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Corrupted File

2010-03-17 Thread Paul Richard Ramer 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hello James,

On Mon, 15 Mar 2010 18:02:41 -0700 (PDT) James Board wrote:
> I have a fairly large file (about 10 mbytes) that was corrupted on 
disk.  About 5-10 pages of the file (4096-byte blocks) were lost and
set to zero.  The file is a PGP encryption of a another file which
is a 'tar' file of other smaller ASCII text files.
> 
> I would like to decrypt as much of this file as possible.  I know 
with several blank pages, I can never fully recover the file.  However,
most of the data is still legitimate.  Is it possible to recover it
with the gpg tools?  To this point, I had been using the older PGP 5.0
version, but I can try gpg if it can decrypt most of the file.

Have you tried decrypting the file with either PGP or GnuPG?  Also,
where in the file is the corruption?

If the head of the file is corrupted, then you won't get your data back.
 The reason why is that with an OpenPGP message the file is encrypted
with a symmetric encryption key (a.k.a. session key), and then the
symmetric key is encrypted with the recipient's asymmetric encryption
key (a.k.a. public key) and stored in a "packet" inside the encrypted
file.  This packet precedes the data packet, which contains the
encrypted data.

An OpenPGP message would look something like this:

++
| Various packets, including | <--- Without this ...
|session key packet  |
++
||
|   Data packet  | <--- ... you can't decrypt that.
||
++

However, if only the data packet is damaged, you may be able to get some
of the data back.  I experimented with this by using a tar file of a few
ASCII files in order to simulate your situation.  I corrupted the
beginning of the file, and gpg couldn't recognize it as an OpenPGP
message.  Then I tried corrupting some of the end of the file, and I
could successfully decrypt and extract the text files from the tar file.
 Out of four text files in the tar file, three were good and the last
was damaged too badly to understand what its original content was.

Restoring from a backup would be best, if you have one.  Also, if
anything that I said was unclear to you, just let me know.


- -Paul

- --
New Windows 7: Double the DRM, Double the fun! Learn more:


+-+
| PGP Key ID: 0x3DB6D884  |
| PGP Fingerprint: EBA7 88B3 6D98 2D4A E045  A9F7 C7C6 6ADF 3DB6 D884 |
+-+
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)

iQGcBAEBCAAGBQJLobCPAAoJEJhBiuhgbQLI3QYL/0EWtWOc/0AC01jOD/uEW27O
8CJkSM0qJaDQQB+oCUeDsPUIWcX6si2v90+dpFvl7ecMi0x/aizSdVjWC9Pd6/u2
X+JWKsHw/2OKG7yKcgpozwSwdOP8fi1FjGkcKllnWrYbT0GC3G0ewCxidqs5aG4p
zsojJ6pmkfqlHdw5HYreJlmBS8MGujDy48Z5hY5xhgbDboTbZoSdyWarQfOODLYR
9zYh8bOKv8oDjCMcoQuexfwxAOn9y8YdxTiunqAcW026NfZ32d4C3X0xjYCAzja8
DkGzuKtipreEG1amKG0JO44TY8hb/6/BkGNQAl4BwonGgWXEWbiWCe7OJdq77FEJ
GE3wdG3T7cgi6P6TuafUm3OOL36Ay9xwBe901OfM5qW/yH9QoIJ9+5y2Ibi9fiqF
JISIA3XFC40bvybizLV7kU1YP52g+g0H8QDbuv97Ssxg27MHUE8cuQT2LzOEnbQN
/NSG2W3a/Y4FmaFDr5GZrQVLk3Rt52zu9Gz+RR824A==
=eLxS
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Science News on statistics

2010-03-17 Thread Robert J. Hansen 
A while ago we had a discussion here about the use of statistics ---
particularly, Type II error rates.  It turns out that /Science News/ has
a pretty good article on statistics and its limitations
. 
It's accessible to the layman: it might be a little much to swallow in
places, but by and large if you survived high school math you'll survive
the article.

If you don't want to click on the embedded link (and who could blame
you), then C&P this link:

http://www.sciencenews.org/view/feature/id/57091/title/Odds_Are,_Its_Wrong




smime.p7s
Description: S/MIME Cryptographic Signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users