
posted by martyb on Sunday August 24 2014, @12:48PM
from the Sic8:)3(ub)74yg77dih5fhj,7(<{~€FYI)(7(ghintfFyg dept.

"A new disk encryption program for Windows has been released for beta testing. It claims to be compatible with Linux encryption and — unlike Truecrypt — is fully maintained. From the announcement:

Features

  • Full transparent encryption, DoxBoxes appear as removable disks in Windows Explorer.
  • Explorer mode lets you access DoxBoxes when you don't have admin permissions.
  • Compatible with Linux encryption, Cryptoloop "losetup", dm-crypt, and LUKS. Linux shell scripts support deniable encryption on Linux.
  • Supports smartcards and security tokens.
  • Optional 'key files' let you use a thumb-drive as a key.
  • Portable mode doesn't need to be installed and leaves little trace on 3rd party PCs
  • Deniable encryption protects you from 'rubber hose cryptography'."
  • (Score: 3, Funny) by d on Sunday August 24 2014, @12:53PM

    by d (523) on Sunday August 24 2014, @12:53PM (#84921)

    Awesome! LUKS support was what I was missing so much in Truecrypt before. Now I'll just push all my friends to use that and I will be able to use the same USB key under Windows and Linux, right?

    • (Score: 3, Informative) by d on Sunday August 24 2014, @12:57PM

      by d (523) on Sunday August 24 2014, @12:57PM (#84924)

      On the other hand, I just checked out the source code. Mostly written in Pascal, repo being maintained since June 19 with only 67 commits with cryptic descriptions, no unit tests... doesn't really sound that solid right now.

      • (Score: 2) by maxwell demon on Sunday August 24 2014, @01:01PM

        by maxwell demon (1608) on Sunday August 24 2014, @01:01PM (#84927) Journal

        Mostly written in Pascal

        From a security standpoint, I'd consider that a good thing: Pascal has far fewer ways to screw up than C has.

        --
        The Tao of math: The numbers you can count are not the real numbers.
        • (Score: 2) by d on Sunday August 24 2014, @01:03PM

          by d (523) on Sunday August 24 2014, @01:03PM (#84929)

          The drivers are in C though.

        • (Score: 1) by Horse With Stripes on Sunday August 24 2014, @05:16PM

          by Horse With Stripes (577) on Sunday August 24 2014, @05:16PM (#84982)

          Pascal has far fewer ways to screw up than C has.

          Clearly you've never seen me write Pascal ;-)

      • (Score: 5, Informative) by tdk on Sunday August 24 2014, @02:41PM

        by tdk (346) on Sunday August 24 2014, @02:41PM (#84946) Homepage Journal
        Hi, I'm the maintainer of DoxBox

        It is a development of a project that has been going since 2004 (FreeOTFE [wikipedia.org]).

        The tests of the GUI are in various 'test' [github.com] projects rather than the main GUI.
        Just because someone doesn't use a test framework doesn't mean they're not testing ;-)

        There are also a set of 'command line utilities' to test the drivers, and a few examples [github.com] of calling them in the documentation, although I admit this is not well documented.
        In addition, there is also a user interface which processes encryption test vectors and shows the result, which you can compare against test data provided by cypher developers.

        I don't know why the number of commits (opposed to their size) is important.
        Some devs check in like a teenager's sex life - quick and often.
        I am one of those people who only checks in when I am sure it works - i.e. few, but big checkins.

        Delphi is still by far the best IDE for reliable apps. In my day job we develop safety related and safety critical programs, and we use Delphi when we can, and C otherwise.

        If you find any specific examples of it not being solid, please let me know.
        • (Score: 1) by Justin Case on Sunday August 24 2014, @02:48PM

          by Justin Case (4239) on Sunday August 24 2014, @02:48PM (#84947) Journal

          > If you find any specific examples of it not being solid, please let me know.

          Sure. Can you define the term 'rubber hose cryptography' for starters?

          BTW thanks for being here. But as I stated elsewhere, what little I've seen of your work does not assure me that you have the obsessive attention to detail necessary for crypto coding.

          • (Score: 4, Interesting) by tdk on Sunday August 24 2014, @07:42PM

            by tdk (346) on Sunday August 24 2014, @07:42PM (#85043) Homepage Journal

            > If you find any specific examples of it not being solid, please let me know.
            Sure.

            If you do, you can let me know on the github issues tracker [github.com], the forum [squte.com] or here [soylentnews.org].

            Can you define the term 'rubber hose cryptography' for starters?

            It's a common term in cryptography. Here's [xkcd.com] a description

            does not assure me that you have the obsessive attention to detail necessary for crypto coding

            Fortunately I have other goals in life than assuring you of things.
            If you ever find any specific evidence for your vague assertions that I "[lack] precise thinking and writing" and "you [do not] have the obsessive attention to detail necessary", please let me know.

            • (Score: 1) by Justin Case on Monday August 25 2014, @12:02PM

              by Justin Case (4239) on Monday August 25 2014, @12:02PM (#85279) Journal

              >> Can you define the term 'rubber hose cryptography' for starters?
              > It's a common term in cryptography.

              No it isn't. Rubber hose decryption is what you meant, as other posters have pointed out, but you still didn't notice.

              >> does not assure me that you have the obsessive attention to detail necessary for crypto coding
              > Fortunately I have other goals in life than assuring you of things. If you ever find any specific evidence for your vague assertions that I "[lack] precise thinking and writing" and "you [do not] have the obsessive attention to detail necessary", please let me know.

              This isn't about whether you're good enough for me as you keep implying. This is about whether you are good enough for crypto. Someone who confuses the terms "cryptography" and "decryption" when writing English seems more likely to make similar mistakes when writing code.

              I diagnose that as imprecise writing and lack of attention to detail -- personality characteristics common to most humans, including myself sometimes. Not the personality characteristics you look for in a crypto coder. And no, I'm not holding my code out to the world saying this is good enough for crypto. You are. So expect to be scrutinized, especially in the post-Snowden world.

              So your "specific evidence" is right there in the post where you ask for "specific evidence" and you didn't see it even after being called on it.

              • (Score: 2) by cykros on Monday August 25 2014, @10:57PM

                by cykros (989) on Monday August 25 2014, @10:57PM (#85491)

                If we want to get really anal about the correct terminology, it's "rubber hose cryptanalysis" [wikipedia.org].

              • (Score: 1) by pk on Tuesday August 26 2014, @02:34AM

                by pk (2591) on Tuesday August 26 2014, @02:34AM (#85544) Homepage
                Maybe you should just look at his source code, instead of scrutinizing the guy's grammar and then assuming he has no clue what he's doing.

                I think that would be real evidence to back up your assertions. Probably take some work though, and it isn't nearly as fun as being a troll on a website.

              • (Score: 2) by tdk on Tuesday August 26 2014, @08:08PM

                by tdk (346) on Tuesday August 26 2014, @08:08PM (#85868) Homepage Journal

                > It's a common term in cryptography.

                No it isn't. Rubber hose decryption is what you meant, as other posters have pointed out, but you still didn't notice.

                "rubber hose decryption" [google.co.uk] gets 7000 hits on google. "rubber hose cryptography" [google.co.uk] gets 49000 hits, so is by far the more common term.

                At the time I posted it no other posters had claimed anything of the kind on this thread (AFAIK).

                The exact phrase is irrelevant. Googling "rubber hose cryptography" and following any of the top 10 results would tell you the meaning.

                The implication of what you wrote was that it was a specific example of the project not being solid. I can't see how not defining a term common in cryptography and letting people look it up if they don't know it, counts as an example of the project not being solid.

                This isn't about whether you're good enough for me

                I replied to your point:

                does not assure me

                If you're going to imply I owe you any assurances, I'm going to point out I don't.
                 

                you keep implying.

                I said it once. I hope you can see why it might be an idea not to accuse other people of 'imprecise writing and thinking' so readily.

                Someone who confuses the terms "cryptography" and "decryption"

                And I have done nothing like that.

                I'm not holding my code out to the world saying this is good enough for crypto. You are

                No I'm not. I am announcing a crypto product. You are the one that's claiming that means that I owe you proof of my personality.

                personality characteristics

                And I think this is the problem. The normal way to assess code quality is to review and test the code, not to subject coders to armchair psychological analysis desperately trying to find personality flaws based on nothing but the phrasing of their project announcement.

                The irony is if you'd spent the same amount of time reviewing the code as you have attempting to pathologize me, you might have actually found something worth talking about.

          • (Score: 2) by cykros on Monday August 25 2014, @10:54PM

            by cykros (989) on Monday August 25 2014, @10:54PM (#85490)

            Sure. Can you define the term 'rubber hose cryptography' for starters?

            You must be new [xkcd.com] here.

        • (Score: 3, Interesting) by Common Joe on Sunday August 24 2014, @07:30PM

          by Common Joe (33) <common.joe.0101NO@SPAMgmail.com> on Sunday August 24 2014, @07:30PM (#85038) Journal

          A bit of a rough crowd here, huh? Well, I applaud you for what you're doing.

          It looks like you're looking for help. I'm not the right person to do so, but it looks like you're trying to poke your nose in the right spots and keeping everything open source is a great thing. I certainly hope you find the right help because I'd like to see some competitors to TrueCrypt so we don't see the debacle that we saw happen a few months ago.

          On a personal note: I understand why you didn't release bits and pieces of code. You take a pet project for a while, get it to a place where you feel comfortable with it and release it to the world. I have a pet project I'm working on. I have no idea if I'll ever finish it but I'd love to release it to the world when it is more complete. It is also designed to be cross compatible between Windows and Linux -- not something many people tackle. Interestingly enough, I'll need a form of encryption for what I want to do. An idea is to be able to swap out the encryption programs easily based on what the user wants. I'll be keeping a close eye on your project for my needs. I will, of course, adhere to the licensing requirements and give proper credit.

          Speaking of which, what license is this released under? At a casual glance, I didn't see what the license is supposed to be. Make sure that info is easy to find.

          Again, thank you!

          • (Score: 3, Interesting) by tdk on Sunday August 24 2014, @08:37PM

            by tdk (346) on Sunday August 24 2014, @08:37PM (#85063) Homepage Journal

            A bit of a rough crowd here, huh? Well, I applaud you for what you're doing.

            Thank you. I think people just feel betrayed by what happened with Truecrypt and don't want the same thing to happen again.

            On a personal note: I understand why you didn't release bits and pieces of code.

            Well, given the flaming I'm getting by donating this when I did, I dread to think what might have happened if I'd released it earlier ;-)

            An idea is to be able to swap out the encryption programs easily based on what the user wants.

            The advantage of on-the-fly encryption is that it's completely transparent, your program just saves to disk and it's encrypted.

            Speaking of which, what license is this released under? At a casual glance, I didn't see what the license is supposed to be. Make sure that info is easy to find.

            It's here [github.com]

            • (Score: 0) by Anonymous Coward on Monday August 25 2014, @04:14AM

              by Anonymous Coward on Monday August 25 2014, @04:14AM (#85188)

              Please ignore the idiots who have little to contribute other than invalid complaints.

              You can ignore those who complain about it being for windows or containing Delphi code for a start.

              And those who complain about "wizards", or about it being a one person project with no peer review when the source code is being released.

              They are idiots, trolls or tools. Don't even waste your time responding to them.

              • (Score: 2) by tdk on Tuesday August 26 2014, @09:44PM

                by tdk (346) on Tuesday August 26 2014, @09:44PM (#85931) Homepage Journal

                Thanks for your support. It's a little disconcerting when you put a lot of effort into something for other people's benefit, and some of them respond by attacking you. No good deed goes unpunished, as they say.

                I'm remembering some of the lessons from when I used Usenet a lot, like "don't feed the trolls".

        • (Score: 4, Informative) by d on Sunday August 24 2014, @09:19PM

          by d (523) on Sunday August 24 2014, @09:19PM (#85079)

          Well, given the flaming I'm getting by donating this when I did, I dread to think what might have happened if I'd released it earlier ;-)

          Since I feel I kind of contributed to this "flaming", let me apologize. When I'm evaluating if a program is trustworthy, one of the metrics I use is my own intuition of how clean the infrastructure feels. I couldn't see the tests, which made me feel suspicious. Uncommon programming language makes contributing more difficult as well. This doesn't mean that the project is doomed, it's just that this is how I try to estimate the project quality. Now that I read that you were all alone coding this thing, I look at this a bit differently.

          I don't know why the number of commits (opposed to their size) is important.
          Some devs checkin like a teenagers sex life - quick and often.
          I am one of those people who only checks in when I am sure it works - i.e. few, but big checkins,

          Because if I was interested in developing this project or understanding how it works, a proper VCS history would help me a lot. When you make your commits atomic, while reading the history (or looking for a particular change), I can skip the commits whose description is unrelated to what I am looking for. Also, git-revert is much easier this way. You can still push only batches of commits of whose inner workings you're confident about, but splitting the commits really helps readability.

        • (Score: 3, Informative) by Marand on Monday August 25 2014, @01:10AM

          by Marand (1081) on Monday August 25 2014, @01:10AM (#85136) Journal

          It is a development of a project that has been going since 2004 (FreeOTFE).

          First off, good for you! I noticed a while back that FreeOTFE was dead, so it's nice that someone picked it up again.

          Second, a question: what are you doing about Windows' inane driver signing policies in newer versions of the OS? It's what basically ruined FreeOTFE in the first place. When I tried using it in the past, FreeOTFE was completely useless without test mode, but you're claiming that for your fork, it's only needed for portable-mode, and not if installed properly.

          Your FAQ states that you've not signed the drivers, so what's changed? Did Microsoft relent on their driver signing policy in the past couple years, or are you using some kind of workaround? (I ask rather than test myself because my primary OS is not Windows)

          • (Score: 2) by tdk on Wednesday August 27 2014, @09:06AM

            by tdk (346) on Wednesday August 27 2014, @09:06AM (#86134) Homepage Journal

            Second, a question: what are you doing about Windows' inane driver signing policies

            I haven't fixed the problem, just added a workaround.

            The installer automatically puts Windows into "test mode". This is the reason you still have to do it in Portable mode (via a menu).

            This means you get the text "Test Mode" on the desktop, although there are ways of removing it.

        • (Score: 2) by zafiro17 on Monday August 25 2014, @09:27AM

          by zafiro17 (234) on Monday August 25 2014, @09:27AM (#85246) Homepage

          Congrats, man! I don't have any snarky criticism to provide, and I can't offer to help, either. But I'm thrilled people like you are taking the initiative to generate creative solutions to important problems. I'm a fan of Squte and I wish you all the best of luck in making doxbox into something huge and useful.

          Actually, feature request: your docs are encrypted and protected, but if ever an NSA agent is able to crack the encryption s/he gets a mild electric shock to the gonads. That would be an awesome feature! The Linux version could vary the payload depending on which distro you use.

          --
          Dad always thought laughter was the best medicine, which I guess is why several of us died of tuberculosis - Jack Handey
  • (Score: 3, Insightful) by maxwell demon on Sunday August 24 2014, @12:59PM

    by maxwell demon (1608) on Sunday August 24 2014, @12:59PM (#84925) Journal

    Deniable encryption protects you from 'rubber hose cryptography'.

    I don't think so. For those likely to employ "rubber hose cryptanalysis" there are the following possibilities:

    • There is more encrypted data. In which case, applying the rubber hose is advantageous.
    • There really isn't more encrypted data. Well, bad luck for the victim. Others who might actually have hidden encrypted data get the message that denying the existence of the data won't help, so there's still value in rubber-hosing him until he breaks down (in that case, literally).
    --
    The Tao of math: The numbers you can count are not the real numbers.
    • (Score: 3, Funny) by d on Sunday August 24 2014, @01:01PM

      by d (523) on Sunday August 24 2014, @01:01PM (#84928)

      Obligatory XKCD: https://xkcd.com/538/ [xkcd.com]

      On the other hand, if you use deniable encryption and bring your laptop to the conference, you CAN claim that the basically empty hard drive is just a result of your cleaning up before leaving the country. A hidden volume with a just-reinstalled operating system could probably work there.

      • (Score: 2) by maxwell demon on Sunday August 24 2014, @01:07PM

        by maxwell demon (1608) on Sunday August 24 2014, @01:07PM (#84930) Journal

        Of course you could also bring an actually empty (up to the OS) laptop to the conference, and then VPN home to load all that data you don't want the border control to see.

        --
        The Tao of math: The numbers you can count are not the real numbers.
        • (Score: 2) by davester666 on Sunday August 24 2014, @06:15PM

          by davester666 (155) on Sunday August 24 2014, @06:15PM (#85003)

          Except for the determined border guard, there is no difference. And no penalty for being wrong.

      • (Score: 1) by richtopia on Sunday August 24 2014, @04:19PM

        by richtopia (3160) on Sunday August 24 2014, @04:19PM (#84972) Homepage Journal

        You need to be present for the wrench to work.

        If my laptop is lost/stolen/confiscated, it is encrypted so I don't need to worry about my company's IP ending up in the wrong hands.

        It helps that that IP, while it shouldn't get out, would only be unpleasant if the wrong people saw it. This is my justification for continuing to run TrueCrypt. Even if it is compromised in the future you will need to know what you are doing to get the contents of my hard drive.

        I do wish this project the best, and hopefully I'll be able to use it when I am moved to a new laptop next.

    • (Score: 2) by cafebabe on Sunday August 24 2014, @01:19PM

      by cafebabe (894) on Sunday August 24 2014, @01:19PM (#84932) Journal

      Could I have a system which doesn't have deniable encryption? I just want to encrypt stuff. I don't want to get involved in mind games which may cause physical pain or permanent injury.

      --
      1702845791×2
    • (Score: 2, Interesting) by Justin Case on Sunday August 24 2014, @01:42PM

      by Justin Case (4239) on Sunday August 24 2014, @01:42PM (#84938) Journal

      More than any other type of software (where bugs are easier to spot) encryption requires precise thinking and writing. I'm skeptical whether that can be found here:

      > Easy to use, with a 'wizard'

      The human is the weak link in almost any security technology, encryption more so. If you don't understand the tool, threats, and defenses, no "wizard" can make you secure.

      > Linux shell scripts support deniable encryption on Linux.

      Linux shell scripts support damn near everything on Linux. Since this is a Windows product, what exactly is he trying to say here? Yes "he" not "they" because

      > DoxBox does not support encryption of the operating system partition, for this **I** recommend Ubuntu Linux.

      This is a one-person project? No peer review? And BTW if your OS partition is not encrypted, you can rest assured Windows will shit your secrets all over it. So refer back to item #1 about the clueless user and No Magic Security.

      > leaves little trace on 3rd party PCs

      Little trace or no trace? "Yes your honor we only found a little bit of his manifesto."

      > There is a security flaw in the use of hidden volumes. If you create hidden volumes they may be visible to an attacker.

      I give up.

      Oh and the web site has several abominations, but then who doesn't these days?

      • (Score: 2) by present_arms on Sunday August 24 2014, @02:25PM

        by present_arms (4392) on Sunday August 24 2014, @02:25PM (#84943) Homepage Journal

        > DoxBox does not support encryption of the operating system partition, for this **I** recommend Ubuntu Linux.

        Personally I wouldn't recommend Ubuntu for anything. There are much better Distros out there

        --
        http://trinity.mypclinuxos.com/
      • (Score: 5, Informative) by tdk on Sunday August 24 2014, @03:41PM

        by tdk (346) on Sunday August 24 2014, @03:41PM (#84955) Homepage Journal
        HI, I'm the dev of this project.
        Sorry my thinking is too imprecise for you. Please accept my apologies.

        . If you don't understand the tool, threats, and defenses, no "wizard" can make you secure.

        This is a strawman.
        The issue is that there are numerous options in any sufficiently powerful encryption program, and choosing the wrong options can harm your security. Most people won't want to research the best cyphers, hashes, etc. to use. In this case a wizard that selects good defaults ensures that the typical user has better security than if they had to choose everything themselves.
        In addition an easy interface will make the difference between many people using it or not. Using encryption without fully understanding the threats is better than not using it at all.

        Since this is a Windows product, what exactly is he trying to say here?

        I thought it was clear. Other people don't seem to have a problem understanding this.
        Linux has native encryption schemes. DoxBox can open containers (files, partitions, discs) created with these schemes under Windows.
        Provided you use a filesystem understood by both OSs, you can move data on USB sticks, dropbox, etc, between OSs without having to decrypt it.
        This also applies to hidden containers ('deniable encryption').

        Yes "he" not "they" because
        > DoxBox does not support encryption of the operating system partition, for this **I** recommend Ubuntu Linux.

        This isn't a secret. The number of developers is listed on GitHub. Would you be happier if I used the 'Royal we'?

        if your OS partition is not encrypted, you can rest assured Windows will shit your secrets all over it.

        Anyone serious about security will use a locked down Linux box with full disc encryption. In fact that is what I implied.
        Nevertheless, some people still want to use Windows, want more security than they would get if they didn't encrypt anything, but are prepared to accept less than if they used fully encrypted Linux - for the sake of convenience.
        DoxBox gives those people an option they wouldn't have otherwise.
        See the FAQ for why I don't think fully encrypted Windows is a good compromise.

        > leaves little trace on 3rd party PCs
        Little trace or no trace? "Yes your honor we only found a little bit of his manifesto."

        There is a misunderstanding here. Perhaps it's my 'imprecise thinking' confusing you again?
        The 'trace' is the evidence that DoxBox (portable) was run. Nothing to do with the contents of the encrypted DoxBox.
        If your manifesto is stored on the DoxBox all the time, and you follow the right precautions, there is no reason any 'bit' of it should be left on the PC.
        The 'little trace' I'm talking about is the MRU lists in the registry and recent documents folder. If you do nothing about this, an attacker may be able to tell the name and path of documents you opened. This is why I specifically mention cleaning these out in the FAQ.

        > There is a security flaw in the use of hidden volumes. If you create hidden volumes they may be visible to an attacker.
        I give up.

        Please note the word *may* in that sentence. Which one of us is supposed to have 'imprecise thinking' again?
        There are some extra steps you have to take to make sure hidden volumes are genuinely hidden. This is described in the documentation. [github.com]
        I intend to add a wizard for creating hidden volumes that ensures this is done by default. This will make DoxBox even more secure, and no doubt will make you declare it's even less so.
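tdk's reply above says DoxBox opens containers made with Linux's native schemes (losetup, dm-crypt, LUKS) under Windows, which means the Windows side has to read the Linux on-disk metadata before it can derive any key. As an added example, not code from DoxBox or FreeOTFE, here is a Python parser for the LUKS1 header that reports the cipher, mode, hash, key size, payload offset and active key slots, following the published LUKS1 layout (a 208-byte phdr followed by eight 48-byte key slots, all integers big-endian). The sample header is constructed for this example and is not a real container; the plain losetup/dm-crypt case carries no header at all, which is why the parser refuses anything without the LUKS magic instead of guessing.

```python
"""Parse a LUKS1 on-disk header and report what a cross-OS opener needs to know.

Layout follows the published LUKS1 on-disk format: a 208-byte phdr followed by
eight 48-byte key slots, all integers big-endian.  The sample header built by
build_sample_header() is constructed for this example; it is not a real container.
"""
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
LUKS1_VERSION = 1
KEYSLOT_ACTIVE = 0x00AC71F3
KEYSLOT_DISABLED = 0x0000DEAD
NUM_KEYSLOTS = 8
SECTOR_SIZE = 512

# magic, version, cipher name, cipher mode, hash spec, payload offset (sectors),
# key bytes, master-key digest, digest salt, digest iterations, uuid
PHDR_FMT = ">6sH32s32s32sII20s32sI40s"
# state, iterations, salt, key material offset (sectors), anti-forensic stripes
KEYSLOT_FMT = ">II32sII"
PHDR_SIZE = struct.calcsize(PHDR_FMT)                  # 208
KEYSLOT_SIZE = struct.calcsize(KEYSLOT_FMT)            # 48
HEADER_SIZE = PHDR_SIZE + NUM_KEYSLOTS * KEYSLOT_SIZE  # 592


def _cstring(raw: bytes) -> str:
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\x00", 1)[0].decode("ascii", errors="replace")


def parse_luks1_header(data: bytes) -> dict:
    """Return the fields an opener needs, or raise ValueError for anything that is not LUKS1."""
    if len(data) < HEADER_SIZE:
        raise ValueError("too short to hold a LUKS1 header")
    (magic, version, cipher, mode, hashspec, payload_off, key_bytes,
     mk_digest, mk_salt, mk_iter, uuid) = struct.unpack_from(PHDR_FMT, data, 0)
    if magic != LUKS_MAGIC:
        # Plain dm-crypt / losetup containers have no header; they look like random bytes.
        raise ValueError("no LUKS magic")
    if version != LUKS1_VERSION:
        raise ValueError(f"LUKS version {version} is not handled by this parser")

    keyslots = []
    for i in range(NUM_KEYSLOTS):
        state, iters, salt, km_off, stripes = struct.unpack_from(
            KEYSLOT_FMT, data, PHDR_SIZE + i * KEYSLOT_SIZE)
        if state not in (KEYSLOT_ACTIVE, KEYSLOT_DISABLED):
            # Any other value means a corrupt or tampered header: refuse rather than guess.
            raise ValueError(f"key slot {i} has invalid state 0x{state:08x}")
        keyslots.append({
            "active": state == KEYSLOT_ACTIVE,
            "iterations": iters,
            "salt": salt,
            "key_material_offset_bytes": km_off * SECTOR_SIZE,
            "stripes": stripes,
        })

    return {
        "cipher": _cstring(cipher),
        "mode": _cstring(mode),
        "hash": _cstring(hashspec),
        "key_bits": key_bytes * 8,
        "payload_offset_bytes": payload_off * SECTOR_SIZE,
        "mk_digest": mk_digest,
        "mk_digest_salt": mk_salt,
        "mk_digest_iterations": mk_iter,
        "uuid": _cstring(uuid),
        "keyslots": keyslots,
        "active_slots": [i for i, s in enumerate(keyslots) if s["active"]],
    }


def build_sample_header() -> bytes:
    """Constructed sample: aes-xts-plain64 with sha1, 256-bit key, only slot 0 in use."""
    phdr = struct.pack(
        PHDR_FMT, LUKS_MAGIC, LUKS1_VERSION, b"aes", b"xts-plain64", b"sha1",
        4096, 32, bytes(range(20)), bytes(range(32)), 12345,
        b"0f1e2d3c-4b5a-6978-8796-a5b4c3d2e1f0")
    slots = b""
    for i in range(NUM_KEYSLOTS):
        state = KEYSLOT_ACTIVE if i == 0 else KEYSLOT_DISABLED
        iters = 100000 if i == 0 else 0
        # Slot key material starts at sector 8 and each slot region is 256 sectors here.
        slots += struct.pack(KEYSLOT_FMT, state, iters, bytes([i] * 32), 8 + i * 256, 4000)
    return phdr + slots


if __name__ == "__main__":
    info = parse_luks1_header(build_sample_header())
    print(f"{info['cipher']}-{info['mode']} / {info['hash']} / {info['key_bits']}-bit key, "
          f"payload at byte {info['payload_offset_bytes']}, active slots {info['active_slots']}")
```

Checking the magic, the version and every slot state before trusting the header is the kind of validation an opener should do before it touches the key material; a header that passes still says nothing about whether a passphrase is right, since LUKS only confirms that by checking the master-key digest after key derivation, and the cipher/mode/hash strings are what a Windows-side driver has to map onto its own implementations.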

    • (Score: 0) by Anonymous Coward on Sunday August 24 2014, @07:58PM

      by Anonymous Coward on Sunday August 24 2014, @07:58PM (#85047)

      This approach is the real way to protect against "rubberhose decryption": https://bugs.launchpad.net/ubuntu/+bug/148440 [launchpad.net]

      If a popular OS creates an encrypted container[1] by default it's true plausible deniability.

      [1] bonus points if it also has an easy option to encrypt the whole drive (while still creating an encrypted container). People who encrypt the whole drives may or may not use the container.

  • (Score: 3, Interesting) by kaszz on Sunday August 24 2014, @01:46PM

    by kaszz (4211) on Sunday August 24 2014, @01:46PM (#84939) Journal

    Most Microsoft software spew all secrets all over the place and have bad security if any. So this is flawed from the start.

    • (Score: 1) by epitaxial on Sunday August 24 2014, @03:49PM

      by epitaxial (3165) on Sunday August 24 2014, @03:49PM (#84958)

      What are you even talking about? Do you mean the indexing service? Pretty sure Linux has the same thing running. Most third party programs have a menu with the last 4 files opened. Hardly specific to Microsoft.

      • (Score: 2, Insightful) by Justin Case on Sunday August 24 2014, @03:54PM

        by Justin Case (4239) on Sunday August 24 2014, @03:54PM (#84963) Journal

        Yes many Linux distros and programs are following Windows down the sewer. That doesn't make Windows OK.

      • (Score: 2) by kaszz on Sunday August 24 2014, @10:34PM

        by kaszz (4211) on Sunday August 24 2014, @10:34PM (#85101) Journal

        The code, API, configuration management, filesystems.. It's badly done. That doesn't necessarily mean bad programmers. But that's irrelevant if the management is crap anyway. I can probably dig up some examples. But I rather stay away from the empire of spaghetti design. Someone else can probably find you some examples.

  • (Score: 3, Interesting) by Lagg on Sunday August 24 2014, @03:05PM

    by Lagg (105) on Sunday August 24 2014, @03:05PM (#84948) Homepage Journal

    There are several vague non-promises in that feature list, and the fact that it's one person and the account on github has no activity otherwise associated with it is not very reassuring either. The website it links to appears to be something vaguely resembling pipedot that is otherwise unrelated to the project and the person behind it is otherwise completely anonymous besides having a handle (tdk) that I'm guessing are his initials going by common convention. But this was an admittedly prompt search. That's just the shady parts in terms of the developer though. The technical issues start becoming apparent when you first look over the code. According to github's language meter which is accurate enough unless they're highly similar syntactically like C and C++, the repo is composed 50% of Pascal (which is just a bunch of Delphi crap so not a big deal in itself but it's still pretty high) and the dir layout of the project itself looks deliberately hard to navigate but that's mostly FreeOTFE's fault (its own red flag, see below).

    That's not even entering into the bigger technical red flags such as the fact that as far as I can tell this is a rebranded FreeOTFE. If it's not then I sure as hell can't find any original code so I couldn't start getting into the real issues such as actual security holes since I don't really want to dig through FreeOTFE (but do we even know if it in itself is passable? Last I heard of it the project site domain got squatted). That's why I can't even call this a fork. This [github.com] is a representative line of sorts. Not really inspiring confidence here. Especially considering the fact that the submitter was anonymous and the project site, squte.com, appears to not have sufficient traffic to lead to independent discovery. It looks like the same guys creating the comments and each of that group are also the posters. Not that there's anything wrong with that in any other context but here it's questionable for several reasons.

    --
    http://lagg.me [lagg.me] 🗿
    • (Score: 5, Informative) by tdk on Sunday August 24 2014, @05:10PM

      by tdk (346) on Sunday August 24 2014, @05:10PM (#84979) Homepage Journal

      There are several vague non-promises in that feature list

      Could you be more specific?

      the fact that it's one person the account on github has no activity otherwise associated with it is not very reassuring either

      I don't understand this either. Why not? The vast majority of software engineers have never even heard of github, let alone have accounts on it.
      I only created an account to host DoxBox.
      Github doesn't do any kind of check on your ability before you get an account - you only need an email. If I had registered a year ago, why would that make me a better developer?

      appears to be something vaguely resembling pipedot

      You could say the same about soylentnews :-). In fact squte.com predates both pipedot and SN. You can find an earlier discussion about it here [squte.com].

      the person behind it is otherwise completely anonymous

      I am far, far, *far* less anonymous than most people on the internet, or SN for that matter. tdk are my real initials. You can find my real name in about 20 minutes of googling. A big contrast with nyms like 'Lagg' or 'NCommander'.

      That's just the shady parts in terms of the developer though.

      Again, I don't know why any of this is /shady/.

      bunch of Delphi crap

      Can you tell me which specific bits of the Delphi code are crap and why?

      That's not even entering into the bigger technical red flags such as the fact that as far as I can tell this is a rebranded FreeOTFE

      Again, why is that a 'red flag'? From the FAQ:

      DoxBox is based on the FreeOTFE project. ... Under the licence of FreeOTFE any derived project has to have a new name, so the GUI and most of the documentation talks about 'DoxBox'.

      This is a representative line of sorts. Not really inspiring confidence here.

      This is a line where the name "FreeOTFE" was changed to "DoxBox", as described in the FAQ. I can see absolutely nothing wrong with it.

      It looks like the same guys creating the comments and each of that group are also the posters. Not that there's anything wrong with that in any other context but here it's questionable for several reasons.

      Again, I've absolutely no idea why this is 'questionable'. It might help if you knew squte.com was a front end to usenet, and conventions on Usenet are different to web forums.

      • (Score: 0, Flamebait) by Lagg on Sunday August 24 2014, @06:15PM

        by Lagg (105) on Sunday August 24 2014, @06:15PM (#85001) Homepage Journal

        Could you be more specific?

        First the obvious one, protection from divulging the key via torture. You can't guarantee that at all and just denying decryption is not proofing it. Then the implication that portable mode leaves little trace. Even if you were to emphasize the keyword "little" it'd still be misleading at best since I see nothing here that actually tries to shred it which even then can't be guaranteed on any given modern FS implementation later than ext2 and FAT. Other than that there are features that are FreeOTFE's, not yours. Which you are rebranding and not forking or rebasing upon until distinct original code appears on top of it.

        I don't understand this either. Why not? The vast majority of software engineers have never even heard of github, let alone have accounts on it.

        False, every person who I work with or meet who writes code knows of it. The very fact that my out of the loop ass knew about it and made an account a few years ago pretty much shows that it's at the very least known as well as sourceforge. Possibly even more so at this point. I know exactly one who doesn't have an account there because he doesn't want or need one.

        I only created an account to host DoxBox.

        and you couldn't self-host when you clearly had bandwidth to do so with why?

        Github doesn't do any kind of check on your ability before you get an account - you only need an email. If I had registered a year ago, why would that make me a better developer?

        It wouldn't, but it'd make you a hell of a lot less suspicious. It's not even a matter of age to that much of an extent though. If you'd have made the account merely a week ago and still partook in other repos, issue discussion, forking, starring, watching and that kind of thing like most other people who use github do it'd have helped a lot in making it not seem like something that just came out of nowhere.

        You could say the same about soylentnews :-). In fact squte.com predates both pipedot and SN. You can find an earlier discussion about it here.

        No, soylent neither looks like pipedot nor has a common codebase, as it is a fork of slashcode. Regardless of what predates what, soylent and pipedot ended up being the ones with most activity and thus possibility for independent discovery of a project original to it so launch dates are irrelevant here.

        I am far, far, *far* less anonymous than most people on the internet, or SN for that matter. tdk are my real initials. You can find my real name in about 20 minutes of googling. A big contrast with nyms like 'Lagg' or 'NCommander'.

        Not to me, I just see your initials (which I assumed they were as indicated by my post) with no apparent expansion upon it. My name is also my initials with an additional L prefixed to it that at one point was there to notate "luser" because of both the mainframe local-user and client /luser command. This is immediately obvious on my homepage (Anthony G. Garcia), which is also something you lack that would be extremely useful for purposes of assuring identity and telling people that you're basically willing to attach your real identity to show you have stake in this project and take responsibility for it. So no, you're not as anonymous as many people, but most? False, and you're certainly more anonymous than anyone who is applying critical thinking to projects like this that spring up especially after people were burned by the totally anonymous TrueCrypt maintainers are comfortable with.

        Can you tell me which specific bits of the Delphi code are crap and why?

        "Crap" as in "a bunch of junk", like for example "look at all this crap on my desk I have to clean up". Granted, I don't really care for Delphi either but that's a personal preference.

        Again, why is that a 'red flag'? From the FAQ:...
        ...This is a line where the name "FreeOTFE" was changed to "DoxBox", as described in the FAQ. I can see absolutely nothing wrong with it.

        If this was a fork there wouldn't be and in itself it doesn't indicate anything. But for this project it does, hence representative line. But this hasn't earned enough divergence to be called a fork. I literally couldn't find original code in my (again, admittedly prompt) search and most of the file's tip commits even say that they're as shipped by FreeOTFE. It's a rebranding. Even then there would be nothing wrong with it since some rebrands are actually useful like certain Firefox ones such as palemoon mostly being different compile opts. But nothing like that is the case here and the way you put this across as a novel project is rather dishonest. Especially since, and let's cut the crap, you were the submitter. It's the only way your presence here so quickly and the fact that this was "discovered" and prepared as a submission adds up. For future consideration though don't bother. People here aren't going to care if you happen to shill your own website /or project so long as it's a good submission.

        Again, I've absolutely no idea why this is 'questionable'. It might help if you knew squte.com was a front end to usenet, and conventions on Usenet are different to web forums.

        I gathered as much going from the group notation but that still doesn't change the fact that it's barren (which, again, is totally fine but doesn't lend credit to independent discovery of the project) and I highly doubt that there is going to be more activity there than on a webterface. Kind of dishonest to imply otherwise. Even people like me who'd die to have something to use an NNTP client with again and got excited at the prospect of a gateway for soylent are more likely to just use the webterface for most actual posting rather than reading.

        Normally upon seeing this kind of response I'd just say "okay, fair enough" and leave it at that but your strange at best responses make you seem even more suspicious than I initially thought.

        • (Score: 1, Insightful) by Anonymous Coward on Sunday August 24 2014, @06:44PM

          by Anonymous Coward on Sunday August 24 2014, @06:44PM (#85018)

          "You haven't been on github very long, and your website sucks, therefore you're a shitty software engineer"

          If you're going to give constructive criticism, leave the ad hominems out of it. If you're worried about the code because you think poorly of the programmer, why don't you audit the code? Hell, you could even help write it! After all, that's supposed to be the "strength" of open source, right? Your whole post is basically just a long list of complaints only tangentially related to the program itself.

          • (Score: 2) by Lagg on Sunday August 24 2014, @07:58PM

            by Lagg (105) on Sunday August 24 2014, @07:58PM (#85048) Homepage Journal

            No not even close to what I said, but the fact that you think this is what the post boils down to indicates that you're missing the point even though I didn't think it was that hard to get. You probably didn't read all of it or much of it for that matter. Even if I was saying anything like that I'd not be one to talk, I've not been on github long compared to many people I know and my website isn't that great either. But it's there and I'm willing to tie myself with what I do. I'd rather not audit or otherwise try to refamiliarize myself with FreeOTFE (which is what this is) even if I did like it and I didn't even when it wasn't long abandoned and the project domain squatted. Assuming that it was still very active and I did want to audit it, I'm not the best person for it. Because even though I'm fine with the standard bugs like bad or missing bounds checking, null/bad dereferences, unsanitized input and so forth the truly devious bugs like intentional weaknesses in the implemented algos are things that not only someone who specializes in this stuff would be better suited for but also more than one of them.

            Which is what TrueCrypt has, regardless of rumors of it being compromised. Yet you want me to invest my time and energy auditing a FreeOTFE rebrand just because. So you're pulling quotes out of your ass (and don't bother saying it's paraphrasing, I mean did I even question this guy's skills? There's pulling quotes out of your ass and then there's being straight up schizophrenic), sarcastically pointing out a strength of open source you don't understand, accusing me of being off topic and doing all this while posting anonymously while also not actually giving any kind of technical response. And are apparently not seeing the hilarity in claiming ad hominems. Okay.

            Once one gets past the inherent lack of novelty and usefulness in a rebranded encryption tool there just really isn't any point if it doesn't bring something new to the table especially when it spreads ever thinner the cryptographic effort. Particularly when said tool is effectively abandoned and straight out of the gate there are severe issues with dishonesty. Again going back to just one example, claiming that something leaves little trace without having any kind of shredding functionality, already a lofty promise in today's filesystems, and still being detectable with the most basic forensic software and not even verging into the realm of hardware forensics is the kind of distinction that can make or break a use case. There's a reason such things aren't really claimed if at all.

            --
            http://lagg.me [lagg.me] 🗿
        • (Score: 1) by RobotLove on Monday August 25 2014, @03:17PM

          by RobotLove (3304) on Monday August 25 2014, @03:17PM (#85348)

          This post and several of your other posts reek of "going down with the ship". It is a sign of strength, not weakness, to adjust your opinion based on new evidence.

        • (Score: 2) by tdk on Thursday August 28 2014, @07:06PM

          by tdk (346) on Thursday August 28 2014, @07:06PM (#86866) Homepage Journal
          I'm not going to respond to most of this which, like your previous posts, is just a mixture of vague ad hominems like:

          you're strange. you're suspicious

          that you never seem able to justify, mixed with bizarre non sequiturs like:

          people on usenet often respond to threads they started - therefore tdk is questionable!
          tdk's web site doesn't get much traffic - therefore tdk is shady!

          First the obvious one, protection from divulging the key via torture. You can't guarantee that at all

          I never guaranteed anything of the kind.

          misleading at best since I see nothing here that actually tries to shred it

          You clearly have no idea what OTFE is; the data on disk is always encrypted, so there is no need to 'shred' anything.
          You could have saved yourself a lot of embarrassment if you actually used the program, or at least read the docs before you commented on it.

          Which you are rebranding and not forking or rebasing upon ... If this was a fork there wouldn't be ... this hasn't earned enough divergence to be called a fork. ... It's a rebranding. ...

          You seem to have a number of fixed ideas:
          1. there is some unspecified but important difference between a 'fork' and a 'rebrand'
          2. I am claiming this is a 'fork' but in fact it's a 'rebrand', so I'm 'dishonest'
          3. there's something 'suspicious' about the fact that I renamed FreeOTFE as DoxBox.
          Let's deal with the last first. As I've already said in this thread, and as it says in the FAQ:

          DoxBox is based on the FreeOTFE project. This project was abandoned after tis[sic] developer Sarah Dean mysteriously disappeared. Under the licence of FreeOTFE any derived project has to have a new name, so the GUI and most of the documentation talks about 'DoxBox'. The main driver is still known as the 'FreeOTFE Driver', and driver filenames contain 'FreeOTFE' because it was not required to change these to conform to the licence.

          Again, you would have saved yourself embarrassment if you just read the docs first.
          The reason I rebranded it is because I am *legally obliged* to. If I had released DoxBox without rebranding it from FreeOTFE I would be *breaking the law*.
          What you insist is *suspicious* is that I chose not to commit a crime.
          Secondly I never claimed it was a 'fork'. The only person who's used the word 'fork' up to now is *you*.

          and you couldn't self-host when you clearly had bandwidth to do so with why?

          Jesus, talk about desperate.

          No, soylent neither looks like pipedot nor has a common codebase, as it is a fork of slashcode. Regardless of what predates what, soylent and pipedot ended up being the ones with most activity and thus possibility for independent discovery of a project original to it so launch dates are irrelevant here.

          I've no idea what you're wittering on about here.
          You insinuated that squte.com was a copy of pipedot.org. I pointed out that squte.com predates pipedot.org (and so can't be a copy). You then start jabbering on about 'codebases' and 'activity'.
          If you're withdrawing your accusation that I copied pipedot.org, I accept your apology. Otherwise I look forward to your explanation of where I got a time machine to retroactively copy pipedot.

          obvious on my homepage ... which is also something you lack

          My homepage is at the link which says 'homepage' near to my name. The clue is in the word 'homepage'.

          Can you tell me which specific bits of the Delphi code are crap and why?

          "Crap" as in "a bunch of junk", like for example "look at all this crap on my desk I have to clean up".

          I know what the word 'crap' means. I didn't ask "what does crap mean?" I asked:

          Can you tell me which specific bits of the Delphi code are crap and why?

          If you can't name any specific bits of the code that are crap, then your claim that you knew the code to be 'crap' is false. When someone is caught out making fabricated accusations against another, they either apologise, or are regarded as a troll or bullshitter by any onlookers.

          I literally couldn't find original code

          Github shows code changes in an easily browsable form. It took me all of 30 seconds to find this page https://github.com/t-d-k/doxbox/commit/7f2dc196490e71ada41e32a37a4c25d9c8115742 [github.com] which says in bold at the top:

          Showing 2 changed files with 257 additions and 148 deletions.

          snip

          the way you put this across as a novel project is rather dishonest.

          That is a blatant lie. And an insulting one.
          From the FAQ:

          DoxBox is based on the FreeOTFE project.
          This answer was given by the original developer of FreeOTFE, the project DoxBox is based on:
          This answer was given by the original developer of FreeOTFE, the project DoxBox is based on:
          This answer was given by the original developer of FreeOTFE, the project DoxBox is based on:
          This answer was given by the original developer of FreeOTFE, the project DoxBox is based on:

          yes, it's repeated 4 times.
          As if that wasn't enough, the app has this text prominently displayed at the bottom of the main window:

          This software is based on FreeOTFE and/or FreeOTFE4PDA, the free disk encryption system for PCs and PDAs, available at www.FreeOTFE.org [freeotfe.org]

          This is shown *all the time* the main window is visible. This text is repeated on the about window:

          This software is based on FreeOTFE and/or FreeOTFE4PDA, the free disk encryption system for PCs and PDAs, available at www.FreeOTFE.org [freeotfe.org]

          I honestly don't know what I could possibly do to make it even more obvious that DoxBox is based on FreeOTFE, without breaking the licence.
          The lengths you are going to to try to slur me are extraordinary. You are prepared to tell blatant untruths, which are easily disproved just by following a few links.
          It seems to me I must have done something to upset you. It might be useful to actually tell me what it is.

          Especially since, and let's cut the crap, you were the submitter.

          Is this what this is all about? You think I am the AC who submitted the story? Even if it were true (it isn't) do you think your reaction - blatantly lying in order to claim I am stealing code - is appropriate?

          People here aren't going to care if you happen to shill your own website /or project so long as it's a good submission.

          You seem to care a lot (even though it's not true).

          that still doesn't change the fact that it's barren (which, again, is totally fine

          You keep bringing up the fact that my site has less traffic than SN and claiming it makes me 'suspicious'. Now you're saying it's totally fine. If it's 'totally fine' why do you keep bringing it up?

          but doesn't lend credit to independent discovery of the project)

          You keep using the phrase 'independent discovery'. I've no idea what this is supposed to mean.

          doubt that there is going to be more activity there than on a webterface. Kind of dishonest to imply otherwise.

          You now seem to be saying it's 'kind of dishonest' of me to operate a web interface to usenet. Yet another bizarre non sequitur to add to the list.

          your strange at best responses make you seem even more suspicious than I initially thought

          I'll leave any readers to judge which one of us is more 'strange' and 'suspicious'.
          In case you haven't realised it yet; I don't consider this a constructive conversation.
          I have no intention of reading anything else you write, or responding to anything you post. Or, to put it in Usenet terms: *plonk*
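The point tdk makes above, that with on-the-fly encryption the data on disk is always ciphertext, so there is no plaintext in the container to "shred", can be shown with a small sector-level encryption layer. This is an added illustration written for this page; it is not code from the thread, from DoxBox or from FreeOTFE, and the class and function names (ToyOtfeVolume, plaintext_leaks, naive_store) are invented for it. The keystream is HMAC-SHA256 in counter mode with the sector index as tweak, which is enough to make the point but is not what real disk encryption uses (XTS), as noted in the comments.

```python
"""Toy on-the-fly (sector-level) encryption layer.

Constructed illustration only, not DoxBox/FreeOTFE code. Every write goes
through the cipher before it reaches the backing store, so a scan of the
raw container never finds the plaintext; a plain file store does leak it.
"""
import hashlib
import hmac
import os

SECTOR_SIZE = 512


class ToyOtfeVolume:
    """In-memory 'disk' whose sectors are only ever stored encrypted.

    Keystream = HMAC-SHA256(key, sector_index || block_counter), i.e. a PRF
    run in counter mode, with the sector index as a per-sector tweak so two
    sectors never share keystream. Caveat: rewriting the same sector reuses
    its keystream, which real disk encryption avoids by using XTS mode, so
    this class is for illustration, not for protecting data.
    """

    def __init__(self, key: bytes, sectors: int):
        if len(key) != 32:
            raise ValueError("key must be 32 bytes")
        self._key = key
        # Fresh containers are filled with random bytes, so unused sectors
        # are indistinguishable from used ones.
        self.container = bytearray(os.urandom(SECTOR_SIZE * sectors))

    def _keystream(self, sector: int) -> bytes:
        out = bytearray()
        counter = 0
        while len(out) < SECTOR_SIZE:
            msg = sector.to_bytes(8, "big") + counter.to_bytes(8, "big")
            out += hmac.new(self._key, msg, hashlib.sha256).digest()
            counter += 1
        return bytes(out[:SECTOR_SIZE])

    def write_sector(self, sector: int, data: bytes) -> None:
        """Encrypt `data` (zero-padded to one sector) into the container."""
        if len(data) > SECTOR_SIZE:
            raise ValueError("data exceeds sector size")
        padded = data.ljust(SECTOR_SIZE, b"\x00")
        ct = bytes(p ^ k for p, k in zip(padded, self._keystream(sector)))
        off = sector * SECTOR_SIZE
        self.container[off:off + SECTOR_SIZE] = ct

    def read_sector(self, sector: int) -> bytes:
        """Decrypt one sector; this is what the mounted view presents."""
        off = sector * SECTOR_SIZE
        ct = self.container[off:off + SECTOR_SIZE]
        return bytes(c ^ k for c, k in zip(ct, self._keystream(sector)))


def naive_store(data: bytes) -> bytes:
    """The unencrypted alternative: a sector written as plaintext."""
    return bytes(data).ljust(SECTOR_SIZE, b"\x00")


def plaintext_leaks(container: bytes, secret: bytes) -> bool:
    """The check a basic forensic scan performs: is the secret in the raw store?"""
    return secret in bytes(container)


def demo() -> bool:
    """Write a constructed secret through the layer; report whether it leaks."""
    key = hashlib.sha256(b"constructed demo passphrase").digest()
    vol = ToyOtfeVolume(key, sectors=8)
    secret = b"constructed secret document contents"
    vol.write_sector(3, secret)
    # The mounted view decrypts transparently...
    assert vol.read_sector(3).rstrip(b"\x00") == secret
    # ...while the backing store holds only ciphertext.
    return plaintext_leaks(vol.container, secret)


if __name__ == "__main__":
    print("container leaks plaintext:", demo())          # False
    print("plain file leaks plaintext:",
          plaintext_leaks(naive_store(b"secret"), b"secret"))  # True
```

The check only covers the container itself. The "little trace" dispute earlier in the thread is about what a host may retain outside the container once a volume is mounted, which this example does not model.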

  • (Score: 2) by chewbacon on Monday August 25 2014, @03:24AM

    by chewbacon (1032) on Monday August 25 2014, @03:24AM (#85177)

    While I'm not a Delphi coder, a guy told me once: you can shoot yourself in the foot with Delphi, but use the same gun with C++ and you'll blow your whole leg off.

    Good luck with your endeavors. I am one of the heartbroken users of TrueCrypt. My dependency on it isn't life or death, but I would still like to use something supported.

  • (Score: 1) by cout on Monday August 25 2014, @02:23PM

    by cout (4526) on Monday August 25 2014, @02:23PM (#85335)

    Oh wait, it said doxbox not dosbox. Rats!