MSNBC: “House Majority leader Dick Armey
may seek U.S. Justice Department budget cuts to curb
the use of the FBI e-mail surveillance tool formerly
known as Carnivore, a spokesman said on Thursday. “If
necessary he would consider using Congress’s power of
the purse to pull the plug on Carnivore,” said the aide,
Richard Diamond.”

Topics this week include the latest release of Nadmin Studio (1.4), and an Everscreen announcement. Posted at Linux Weekly News.

ftp://ftp.kernel.org/pub/linux/kernel/people/alan/2.4/
Intermediate diffs are available from http://www.bzimage.org

In terms of going through the code audit almost all the sound drivers still 
need fixing to lock against format changes during a read/write. Poll creating 
and starting a buffer as write does and also mmap during write, write during
an mmap.

2.4.5-ac14
o       Fix oops on command abort on aha152x            (me)
        | This so far is only a partial fix
o       Switch to unlazy swap cache free up             (Marcelo Tosatti)
o       Page launder changes                            (Rik van Riel)
o       Remove dead irda irlap compression code         (Dag Brattli)
o       Fix bug where init/main.c executes freed code   (Hans-Peter Nilsson)
o       Fix ramfs accounting. truncate/freepage hook    (Christoph Rohland)
o       Add MTWEOF ioctl to parallel tape               (Russ Ingram)
o       Add driver for CATC based USB ethernet          (Vojtech Pavlik)
o       Update cris architecture code                   (Bjorn Wesen)
o       Clean up reiserfs tail->full page convert       (Chris Mason)
o       Clean up lp init, fix lp= option handling       (Tim Waugh)
o       Don't panic on out of memory during ps/2 setup  (Andrey Panin)
o       Initialise vc_cons objects in full              (Richard Hirst)
o       Futher Configure.help resync                    (Eric Raymond)
o       Fix misdeclaration of xtime                     (Petr Vandrovec)
o       Add yet more sb variants                        (Andrey Panin)
o       Fix bogus VIA warning triggers (I hope)         (me)
o       Fix 3c509 symbols when building nonpnp          (Keith Owens)
o       Make pid on core dump configurable              (Ben LaHaise)

Slashdot: “Check out this posting by Amiga`s CTO on the AmigaOne Mailing list.
It includes some concept pictures of a GUI for the Amiga Digital Environment, which is being
targetted at AmigaDE enabled handheld devices like Sharp`s upcoming Zaurus PDA.”

Slashdot: “How many people run Linux as a desktop OS? How many servers run Linux? Is the Linux
server market share 8.6 percent or 24 percent or somewhere in between? Dan Kusnetzky is
a heavily quoted analyst at IDC who wrestles with questions like these for a living. This is
your chance to find out how analysts come up with all those numbers — and why analysts
seem to disagree with each other so often.”

ZDNet: “The Embedded Linux Corporation (ELC), has begun an initiative to boost its presence in
Europe after a successful meeting with many of the continent’s leading open source
players on Wednesday.”

ZDNet has commentary saying Linux really needs a bigger PR effort from more mainstream spokespeople.

The announcement’s at LWN.net. “This is the second BETA release for the upcoming Trustix Secure Linux 1.5
release. It has version 1.4.90, and is nicknamed “ADSL” (guess why :).

It is in serveral ways INCOMPATIBLE with 1.2, and you do not want to
just continue without knowing a little more of what is ahead.”

A ZDNet AnchorDesk column follows up on earlier column saying Linux wasn’t ready for the desktop. The column names several issues of concern — too many Linux distro, community doesn’t speak the language of the “average user” — and a couple of “insurmountables” for Linux to work on the desktop. Among the insurmountables: Customers are sheep who are used to Micrsoft.

– By Grant Gross –

A quiet project hosted on SourceForge.net is attempting to give Internet users a level of anonymity that hasn’t yet been achieved. Founders of the CryptoBox project are dedicating it to Internet users in censorship-happy countries who face getting prosecuted for sharing their beliefs.

The CryptoBox developers are working on an ultra-secure, decentralized instant messaging application that could also be used to encrypt other types of online transmissions, such as email and file sharing. Project founder Nikola Bobic, a graduate student and part-time instructor at the University of Ottawa’s School of Information Technology and Engineering, makes no guarantees that his software will be perfectly secure — like many security experts, he admits there is no such thing — but his goal is to make the program as secure as humanly possible.

“An attacker would need extraordinary resources to read your messages,” he writes in the project FAQ.

“Anonymity, when talking in CryptoBox’s context, refers to the fact that no one is able to tell with a certain degree of certainty, whether you are sending messages or receiving them.”

Unlike email using PGP or anonymous remailers, where the identity of the person receiving the message can be seen by snooping parties, CyptoBox uses two-way anonymity. “When you send an encrypted message to someone (using email with PGP), an attacker maybe can’t break the message, but she sure knows that you are communicating with that other person,” Bobic writes. “If that other person is someone who the government does not like, this fact alone can be enough, in some countries, to imprison you for conspiracy and treason against a regime.”

Bobic started CryptoBox as a research project, an extension of his research into wireless networking. CryptoBox’s peer-to-peer foundation is similar to the ad-hoc networks that serve as the basis for wireless communication, Bobic says.

“Another influence was the general lack of any quality security
toolkit out there as well as the social and political issues,” he says. “Since we
firmly believe in freedom of speech, it is disheartening to see how
many people are imprisoned around the world simply because they have
conflicting views and ideas from the regime currently in charge. We
would like to provide those people with means of safe, private and
effective communication so that they can disseminate their views freely
with the rest of the world and finally bring democracy to their people.”

CryptoBox is a security layer that “can be interfaced with any application that needs to communicate securely,” according to the project’s about page. It uses its own XML-based Internet protocol, which is relayed to a transport, which can be TCP/IP, SSH, etc., and it can be piggybacked onto communication protocols of other applications, such as Freenet. Most of the protocols and standards in CryptoBox use public key infastructure.

The infant project, started in late 2000, is concentrating right now on instant messaging functions, but developers plan to offer other plug-ins for functions such as sharing small files and voice over IP. Bobic does not plan to write a plug-in to trade MP3s. “You can, if you want to spend 45 minutes of your time, build one quickly on your own,” he writes.

The two-person (at least until recently) CryptoBox team has switched the programming language for CryptoBox from MS DCOM architecture in C++ to Java. [For an explanation of why MS DCOM, see the FAQ.] Since then, the team has been working on some problems with the code.

“Since then, we have managed to solve a vast majority of [the problems] and the only
thing left now is to optimize node optimization and connection
protocols,” he says. “One of the most complex parts of the system is the dynamic
optimization algorithm which is the heart and soul of the mobile
network agent and it is extremely tricky to specify it completely. We
have a lot of code which was written for testing and simulation
purposes and that will have to be converted slowly over to Java.”

The project, which has only released the old C++ version of the code, got a recent boost from a posting on InfoAnarchy.org. The post generated some questions and criticisms — Bobic says he wasn’t quite ready for the exposure yet — but since the article, he says he’s gotten offers to help from eight developers and one person has already started working on the project documentation. The post also generated about 30 encouraging emails, he says.

One of the next projects for the CryptoBox team is picking which Open Source/Free Software license they want to use. Bobic says he’s considering the GPL, but he doesn’t want to require programmers who make derived work from CryptoBox to also release that work under the GPL. “Since we would like the protocols/layers that we
implement to be useable in any commercial application as well (without any
royalties), we run into some conflicts,” he says. “The solution would then be to
release it under LGPL; however, we then have to separate the layers and
protocols into one section (LGPL) and applications (plug-ins) into the
GPL section. This can be very tricky and could dictate the development
plan as well (something that we’d like to avoid at all costs).”

Another licensing hurdle, Bobic says, is what to do if the project wants to patent a particular algorithm.

“We would like the patent to be free for everyone who releases code under GPL and
charge those who would like to use it for commercial applications,” he says. “I
see the uncertainty of what exactly has the higher authority: GPL or a
patent law and I am unsure at this point what would be the best step to
take.”

The project’s design philosophy states that the “whole application (or at least the most critical parts of it) has to be open-sourced. This is the ONLY way to give users complete confidence of app’s inner workings.”

Bobic says he has several goals for the young project, most of all to provide a “thin, easy-to-use security and anonymity” for the Internet. “The main goal
is to provide a commercial-quality and strength API which anyone who wants
to add to their application will be able to do so. There are a
lot of anonymity and security related applications out there but none
of them are extensible and are tuned for a particular task such as
emailing and file sharing, for example. We wanted to …
create something that requires very little to none user input and is
also general enough so that it can be used for any specific purpose.”