Someone has harvested my address

Jean-David Beyer jeandavid8 at
Tue Sep 9 23:48:25 CEST 2008

Hash: SHA1

Robert J. Hansen wrote:

| When confronted with the fact many PCs (typically Win32, but there's no
| reason to think exclusively so) are compromised without us knowing it,
| what then should our response to it be in terms of effective usage of
| GnuPG?
| (My answer is 'use OS X and/or Linux, and always suspect the endpoints
| are leaky'.  Other people's may differ, of course.)
I suspect that Linux and OSX may be more resistant to compromise than
Windows systems, but I would not wish to be dogmatic about it ("Do not step
in the dogma."). I never get e-mail or browse the web when I am root. I run
~  a firewall. The only servers I run do not serve the Internet (ntpd and
sendmail and named). So I am pretty safe. But if I desired to prove that my
machine were uncompromised, how would I go about it?

I imagine it is not so easy. Once I tried to write test programs that
pinpointed hardware errors. I wanted them mathematically correct. I could
not because I always needed to assume some of the machine was working
correctly. Thus, a memory test program assumes, at least, that the
processor(s) are working correctly. A processor test assumes the memory is
working correctly, and so on.

It seems to be a chicken and egg problem both for software and hardware.
The original problem is easy: a chicken is an egg's way of reproducing itself.

- --
~  .~.  Jean-David Beyer          Registered Linux User 85642.
~  /V\  PGP-Key: 9A2FC99A         Registered Machine   241939.
~ /( )\ Shrewsbury, New Jersey
~ ^^-^^ 17:40:01 up 33 days, 23:46, 4 users, load average: 5.07, 4.55, 4.31
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with CentOS -


More information about the Gnupg-users mailing list