Discussion:
TrueCrypt 2.0 released (free open-source on-the-fly disk encryption for Windows XP/2000)
(too old to reply)
Thinker
2004-06-07 13:05:55 UTC
Permalink
TrueCrypt 2.0 has been released. It can be downloaded at:

http://www.freewebtown.com/a4ncg2i6op/

http://mywebpage.netscape.com/rvjtgn/


WHAT IS NEW IN TRUECRYPT 2.0

Bug fixes:

- Data corruption will no longer occur when a TrueCrypt partition is
subjected to heavy parallel usage (usually when copying files to or
from a TrueCrypt partition). This also fixes the problem with
temporarily inaccessible files stored in TrueCrypt partitions.

Note: File-hosted volumes were not affected by this bug.

- After dismounting and remounting a volume, its file system will be
correctly recognized by the operating system and it will be
possible to reuse the same drive letter (Windows 2000 issue).

- The main program window will not be displayed when run in quiet
mode (command line usage).

- Two password entry attempts are no longer necessary to be able to
mount a volume (command line usage).

- All partitions will be visible to TrueCrypt even if one of them is
inaccessible to the operating system (an inaccessible partition
made all successive partitions on the hard disk unavailable to
TrueCrypt).

- Relative path can be specified when mounting a file-hosted volume
(command line usage).

- Incorrect passwords are reported when auto-mounting (command line
usage).

New features:

- AES-256 (Rijndael) encryption algorithm.

- The command line option /dismountall was renamed to /dismount which
can now be also used to dismount a single volume by specifying its
drive letter.

Improvements:

- Memory pages containing sensitive data are now locked to prevent
them from being swapped to the Windows page file.

- The state of the random pool will never be exported directly so the
pool contents will not be leaked.

Miscellaneous:

- Released under GNU General Public License (GPL)



PLANNED FOR FUTURE VERSIONS:

- 'Hidden' container
- Linux version
- Anti-Key-Logger Facilities
- HMAC-RIPEMD-160
- Keyfiles

and more.
unknown
2004-06-07 18:46:55 UTC
Permalink
:http://www.freewebtown.com/a4ncg2i6op/
:http://mywebpage.netscape.com/rvjtgn/
:WHAT IS NEW IN TRUECRYPT 2.0
:- Data corruption will no longer occur when a TrueCrypt partition is
: subjected to heavy parallel usage (usually when copying files to or
: from a TrueCrypt partition). This also fixes the problem with
: temporarily inaccessible files stored in TrueCrypt partitions.
: Note: File-hosted volumes were not affected by this bug.
:- After dismounting and remounting a volume, its file system will be
: correctly recognized by the operating system and it will be
: possible to reuse the same drive letter (Windows 2000 issue).
:- The main program window will not be displayed when run in quiet
: mode (command line usage).
:- Two password entry attempts are no longer necessary to be able to
: mount a volume (command line usage).
:- All partitions will be visible to TrueCrypt even if one of them is
: inaccessible to the operating system (an inaccessible partition
: made all successive partitions on the hard disk unavailable to
: TrueCrypt).
:- Relative path can be specified when mounting a file-hosted volume
: (command line usage).
:- Incorrect passwords are reported when auto-mounting (command line
: usage).
:- AES-256 (Rijndael) encryption algorithm.
:- The command line option /dismountall was renamed to /dismount which
: can now be also used to dismount a single volume by specifying its
: drive letter.
:- Memory pages containing sensitive data are now locked to prevent
: them from being swapped to the Windows page file.
:- The state of the random pool will never be exported directly so the
: pool contents will not be leaked.
:- Released under GNU General Public License (GPL)
:- 'Hidden' container
:- Linux version
:- Anti-Key-Logger Facilities
:- HMAC-RIPEMD-160
:- Keyfiles
:and more.
This sounds very interesting. Thank you on behalf of all users. Your hard work on this
project is very much appreciated.

Doctor Who
Olaf K.
2004-06-12 07:46:07 UTC
Permalink
This offer sounds nice. But the web page looks a little mysterious for such
a special tool. Might be a trap...

Be careful!

olaf
Post by unknown
:http://www.freewebtown.com/a4ncg2i6op/
:http://mywebpage.netscape.com/rvjtgn/
:WHAT IS NEW IN TRUECRYPT 2.0
:- Data corruption will no longer occur when a TrueCrypt partition is
: subjected to heavy parallel usage (usually when copying files to or
: from a TrueCrypt partition). This also fixes the problem with
: temporarily inaccessible files stored in TrueCrypt partitions.
: Note: File-hosted volumes were not affected by this bug.
:- After dismounting and remounting a volume, its file system will be
: correctly recognized by the operating system and it will be
: possible to reuse the same drive letter (Windows 2000 issue).
:- The main program window will not be displayed when run in quiet
: mode (command line usage).
:- Two password entry attempts are no longer necessary to be able to
: mount a volume (command line usage).
:- All partitions will be visible to TrueCrypt even if one of them is
: inaccessible to the operating system (an inaccessible partition
: made all successive partitions on the hard disk unavailable to
: TrueCrypt).
:- Relative path can be specified when mounting a file-hosted volume
: (command line usage).
:- Incorrect passwords are reported when auto-mounting (command line
: usage).
:- AES-256 (Rijndael) encryption algorithm.
:- The command line option /dismountall was renamed to /dismount which
: can now be also used to dismount a single volume by specifying its
: drive letter.
:- Memory pages containing sensitive data are now locked to prevent
: them from being swapped to the Windows page file.
:- The state of the random pool will never be exported directly so the
: pool contents will not be leaked.
:- Released under GNU General Public License (GPL)
:- 'Hidden' container
:- Linux version
:- Anti-Key-Logger Facilities
:- HMAC-RIPEMD-160
:- Keyfiles
:and more.
This sounds very interesting. Thank you on behalf of all users. Your hard work on this
project is very much appreciated.
Doctor Who
Imad R. Faiad
2004-06-12 17:41:36 UTC
Permalink
greetings,
without offending anyone, i don't undertsand why you are
suspicious, this is a truely GPL project, as in, what
they say " free speach, and free beer"
so far the community has been taken for a ride
by decptivly similar projects which were supposed
to be free and "open source?", but later on, when they achieved a market
penetration they gave up the free their definition of open source
or adopted a close source literally.
so i do wonder, whether you have any associations with any
of the deceptive schemes with which the community had already
inflicted? if that is the case, please do not deceive us
anymore, because, by now we know better.
best regards
Imad R. Faiad
unfortunately i cannot PGP sign this message on this box,
as I do not have the key, but, will repost the same
when i do.
Peace to everyone,
and best regards
Imad R. faiad
Post by Olaf K.
This offer sounds nice. But the web page looks a little mysterious for such
a special tool. Might be a trap...
Be careful!
olaf
Post by unknown
:http://www.freewebtown.com/a4ncg2i6op/
:http://mywebpage.netscape.com/rvjtgn/
:WHAT IS NEW IN TRUECRYPT 2.0
:- Data corruption will no longer occur when a TrueCrypt partition is
: subjected to heavy parallel usage (usually when copying files to or
: from a TrueCrypt partition). This also fixes the problem with
: temporarily inaccessible files stored in TrueCrypt partitions.
: Note: File-hosted volumes were not affected by this bug.
:- After dismounting and remounting a volume, its file system will be
: correctly recognized by the operating system and it will be
: possible to reuse the same drive letter (Windows 2000 issue).
:- The main program window will not be displayed when run in quiet
: mode (command line usage).
:- Two password entry attempts are no longer necessary to be able to
: mount a volume (command line usage).
:- All partitions will be visible to TrueCrypt even if one of them is
: inaccessible to the operating system (an inaccessible partition
: made all successive partitions on the hard disk unavailable to
: TrueCrypt).
:- Relative path can be specified when mounting a file-hosted volume
: (command line usage).
:- Incorrect passwords are reported when auto-mounting (command line
: usage).
:- AES-256 (Rijndael) encryption algorithm.
:- The command line option /dismountall was renamed to /dismount which
: can now be also used to dismount a single volume by specifying its
: drive letter.
:- Memory pages containing sensitive data are now locked to prevent
: them from being swapped to the Windows page file.
:- The state of the random pool will never be exported directly so the
: pool contents will not be leaked.
:- Released under GNU General Public License (GPL)
:- 'Hidden' container
:- Linux version
:- Anti-Key-Logger Facilities
:- HMAC-RIPEMD-160
:- Keyfiles
:and more.
This sounds very interesting. Thank you on behalf of all users. Your
hard work on this
Post by unknown
project is very much appreciated.
Doctor Who
Olaf K.
2004-06-13 10:01:13 UTC
Permalink
Hello NG!

What I mean ist that the PAGE looks a little suspicious. I don't know if the
tool is. But the most Open Source projects I know came with pages at some
special services like sourceforge or other. And they give much more
informations about their products than this. I saw just a link to an
executable and its sources. But nothing more. Thats why I called it
"suspicious". I did not check out the programs sources, so i dont know at
all if this code is ok or if it has probably some "special features" to
compromit your data.

Regards

Olaf

----
Post by Imad R. Faiad
greetings,
without offending anyone, i don't undertsand why you are
suspicious, this is a truely GPL project, as in, what
they say " free speach, and free beer"
so far the community has been taken for a ride
by decptivly similar projects which were supposed
to be free and "open source?", but later on, when they achieved a market
penetration they gave up the free their definition of open source
or adopted a close source literally.
so i do wonder, whether you have any associations with any
of the deceptive schemes with which the community had already
inflicted? if that is the case, please do not deceive us
anymore, because, by now we know better.
best regards
Imad R. Faiad
unfortunately i cannot PGP sign this message on this box,
as I do not have the key, but, will repost the same
when i do.
Peace to everyone,
and best regards
Imad R. faiad
Post by Olaf K.
This offer sounds nice. But the web page looks a little mysterious for such
a special tool. Might be a trap...
Be careful!
olaf
Post by unknown
:http://www.freewebtown.com/a4ncg2i6op/
:http://mywebpage.netscape.com/rvjtgn/
:WHAT IS NEW IN TRUECRYPT 2.0
:- Data corruption will no longer occur when a TrueCrypt partition is
: subjected to heavy parallel usage (usually when copying files to or
: from a TrueCrypt partition). This also fixes the problem with
: temporarily inaccessible files stored in TrueCrypt partitions.
: Note: File-hosted volumes were not affected by this bug.
:- After dismounting and remounting a volume, its file system will be
: correctly recognized by the operating system and it will be
: possible to reuse the same drive letter (Windows 2000 issue).
:- The main program window will not be displayed when run in quiet
: mode (command line usage).
:- Two password entry attempts are no longer necessary to be able to
: mount a volume (command line usage).
:- All partitions will be visible to TrueCrypt even if one of them is
: inaccessible to the operating system (an inaccessible partition
: made all successive partitions on the hard disk unavailable to
: TrueCrypt).
:- Relative path can be specified when mounting a file-hosted volume
: (command line usage).
:- Incorrect passwords are reported when auto-mounting (command line
: usage).
:- AES-256 (Rijndael) encryption algorithm.
:- The command line option /dismountall was renamed to /dismount which
: can now be also used to dismount a single volume by specifying its
: drive letter.
:- Memory pages containing sensitive data are now locked to prevent
: them from being swapped to the Windows page file.
:- The state of the random pool will never be exported directly so the
: pool contents will not be leaked.
:- Released under GNU General Public License (GPL)
:- 'Hidden' container
:- Linux version
:- Anti-Key-Logger Facilities
:- HMAC-RIPEMD-160
:- Keyfiles
:and more.
This sounds very interesting. Thank you on behalf of all users.
Your
Post by Imad R. Faiad
Post by Olaf K.
hard work on this
Post by unknown
project is very much appreciated.
Doctor Who
John Smith
2004-06-13 17:49:46 UTC
Permalink
On Sun, 13 Jun 2004 12:01:13 +0200, in article
Post by Olaf K.
Hello NG!
What I mean ist that the PAGE looks a little suspicious. I don't know if the
tool is. But the most Open Source projects I know came with pages at some
special services like sourceforge or other. And they give much more
informations about their products than this. I saw just a link to an
executable and its sources. But nothing more. Thats why I called it
"suspicious". I did not check out the programs sources, so i dont know at
all if this code is ok or if it has probably some "special features" to
compromit your data.
Regards
Olaf
Yes, unfortuantely, thanks to SecurStar and their legal threats, the
*Official* TrueCrypt site had to be pulled quite a while ago now so
all we have are these *Unofficial* mirrors.
bumpymail
2004-06-12 18:40:39 UTC
Permalink
"Imad R. Faiad" <***@cyberia.net.lb> wrote in message news:***@posting.google.com...

Are you really Imad? Of ckt versions of PGP? I wouldn't have
expected you to post via Google.

If so, you can probably understand the licensing situation with
TrueCrypt, since you've had to deal with them regarding PGP etc.
Post by Imad R. Faiad
greetings,
without offending anyone, i don't undertsand why you are
suspicious, this is a truely GPL project, as in, what
they say " free speach, and free beer"
How about the fact that the author put the GPL onto code he didn't
own?

He just took TrueCrypt 1.0, which was based on e4m, and made a few
modifications and put his own license onto it.

This also overrode other licenses for the the TC v1 stuff and for some
of the cryptography stuff.

It could have easily been done in a legal manner, but the guy didn't
have any urge to do that. Instead, the way he did it makes it just as
warez as using any of the commercial stuff like that.

Using 'diff' patches to patch e4m, add the AES & Idea encryption
modules, etc. could have preserved the license details for each
section. And maintained the open-source nature. (There are other
methods. That's just one.)

Instead, he just decided to put the GPL onto all of the code, even the
code that he didn't do and that had other, incompatable licenses. Not
exactly the actions of somebody who is trustworthy. If they aren't
honest enough to abide by even simple licensing issues, how can you
trust their code and binaires? Not everybody is going to examine
every single line of code (much less understand it) and compile it
themselves.


When TC v1 was released in the Scramdisk forum, there was a lot of
interest, until Shaun wanted the Win9x code from e4m removed. And
then SecurStar tried to claim they owned e4m, even the past versions
that were released under an open license.

TC v1 was a welcomed addition. But short lived.

TC v2 seems to have a very different attitude and reaction. Many
people don't care about the licensing issues, as long it's not
SecurStar's DriveCrypt. Other people do care whether it's a genuine
legal open source product.


Realistically, somebody just needs to take any of the several "virtual
device" programs (that create virtual disks or virtual cd's) and add
encryption to them.

That starts fresh with some GPL or public domain code and then there
wouldn't be any more situations like TrueCrypt v2. No more anonymous
authors. No more anonymous binaries. No more projects going
commercial.
nemo (nemo outis)
2004-06-12 20:21:43 UTC
Permalink
Post by bumpymail
Are you really Imad? Of ckt versions of PGP? I wouldn't have
expected you to post via Google.
If so, you can probably understand the licensing situation with
TrueCrypt, since you've had to deal with them regarding PGP etc.
Post by Imad R. Faiad
greetings,
without offending anyone, i don't undertsand why you are
suspicious, this is a truely GPL project, as in, what
they say " free speach, and free beer"
How about the fact that the author put the GPL onto code he didn't
own?
He just took TrueCrypt 1.0, which was based on e4m, and made a few
modifications and put his own license onto it.
Since you haven't a clue who the author is - or isn't - you
therefore have no knowledge of what rights he does or does not
possess or has or has not acquired. And therefore you have no
way of knowing if a GPL licence could - in the extreme case -
actually be appropriate.

For all you know the author could be Paul himself distributing
anonymously. I only offer this as an extreme example and do not
by any means represent it to actually be the case, but it shows
how utterly speculative all your nonsense is.

The code is distributed with a GPL licence. That, inter alia, is
a representation by the distributor/author that he has the rights
to do so. I, a user, who have no notice of any defect in that
representation and the licence, am entitled to rely upon it.

As for allegations by some that their intellectual property
rights have been infringed (e.g., Securstar) that is a matter
between them and the authors of Truecrypt, which can only be
settled by a court of competent jurisdiction.

But aside from the legal obfuscation and obnubilation, nobody
except the disputants much gives a flying fuck under which
licence, if any, Truecrypt 2 is distributed.

Regards,
John Smith
2004-06-12 22:28:57 UTC
Permalink
On Sat, 12 Jun 2004 20:21:43 GMT, in article
Post by nemo (nemo outis)
Since you haven't a clue who the author is - or isn't - you
therefore have no knowledge of what rights he does or does not
possess or has or has not acquired. And therefore you have no
way of knowing if a GPL licence could - in the extreme case -
actually be appropriate.
For all you know the author could be Paul himself distributing
anonymously. I only offer this as an extreme example and do not
by any means represent it to actually be the case, but it shows
how utterly speculative all your nonsense is.
The code is distributed with a GPL licence. That, inter alia, is
a representation by the distributor/author that he has the rights
to do so. I, a user, who have no notice of any defect in that
representation and the licence, am entitled to rely upon it.
As for allegations by some that their intellectual property
rights have been infringed (e.g., Securstar) that is a matter
between them and the authors of Truecrypt, which can only be
settled by a court of competent jurisdiction.
But aside from the legal obfuscation and obnubilation, nobody
except the disputants much gives a flying fuck under which
licence, if any, Truecrypt 2 is distributed.
Regards,
Philip/bumpymail,

I think nemo has explained above (for the second time I might add)
quite explicitly what the *basics* of the situation are so your
continual bleating about the licence of TC2 are going to fall on deaf
ears?
Phillip J. Fry
2004-06-13 00:07:18 UTC
Permalink
Post by John Smith
On Sat, 12 Jun 2004 20:21:43 GMT, in article
Post by nemo (nemo outis)
Since you haven't a clue who the author is - or isn't - you
therefore have no knowledge of what rights he does or does not
possess or has or has not acquired. And therefore you have no
way of knowing if a GPL licence could - in the extreme case -
actually be appropriate.
For all you know the author could be Paul himself distributing
anonymously. I only offer this as an extreme example and do not
Yes it could.

I thought of that. It could be Paul. It could be Shaun (but very unlikely
considering his reaction to TC 1) And to that guy who recently commented
that he'd rather use & trust anonymous stuff and warez than anything by
SecurStar, I even mentioned then that it could be SecurStar. (That he'd be
trusting the very company he refused to trust, simply because the program
was anonymous.) The same applies to TC v2.

But that does *NOT* change the situation with the other parts of the code.
It would *still* be illegal license changes. Even if it was Paul and Shaun
and SecurStar combined, the code would still have illegal license changes.

If that is truly him, and he did TC 1 and TC 2, then until proven otherwise,
it still has to be assumed that it's not and that the license changes are
invalid.

Remember, that's the same argument we made in support of TC1 and e4m's
license. That with SecurStar vs. e4m, until proven otherwise, the e4m
license has to be assumed as valid.

In this case, until it is proven it is the same author, you have to assume
they are different people, which causes additional licensing issues. There
is no evidence, no reason of any sort to suggest that it the same author or
Paul himself, especially considering Paul's previous attitude towards
supporting / extending e4m.
Post by John Smith
Post by nemo (nemo outis)
The code is distributed with a GPL licence. That, inter alia, is
a representation by the distributor/author that he has the rights
to do so. I, a user, who have no notice of any defect in that
representation and the licence, am entitled to rely upon it.
It is no indication. It could even easier mean that the guy is an idiot
about licenses. And / or that he has the same attitude towards licenses
that many people in the scramdisk group seem to have lately.
Post by John Smith
Post by nemo (nemo outis)
But aside from the legal obfuscation and obnubilation, nobody
except the disputants much gives a flying fuck under which
licence, if any, Truecrypt 2 is distributed.
For the past several years, people in the Scramdisk group have been strongly
wishing there was a free, open-source alternative.

Most have resisted using warez keygenerators for DriveCrypt, or a warez copy
of Scramdisk NT/2k, etc.

But all of a sudden, when TC v2 comes along, several people suddenly forget
about integrety and are apparently eager to use any program that isn't by
SecurStar, regardless of legality or morality (the same things that
prevented most people from using keygens or warez versions of Sramdisk.)
Post by John Smith
I think nemo has explained above (for the second time I might add)
Second time? Must have missed a message.
Post by John Smith
quite explicitly what the *basics* of the situation are so your
continual bleating about the licence of TC2 are going to fall on deaf
ears?
The only deaf ears are you people who are willing and eager to use warez /
illegal code.

Your dislike for SecurStar is causing people to jumpe eagerly to any other
program, regardless of any details about that other program.

The attitude is "It's not SecurStar's DriveCrypt, so it's great!"
nemo (nemo outis)
2004-06-13 01:56:46 UTC
Permalink
In article <WUMyc.11607$***@newsread2.news.pas.earthlink.net>, "Phillip J. Fry" <***@no.spam> wrote:
..snip load of arrant nonsense...
Post by Phillip J. Fry
But that does *NOT* change the situation with the other parts of the code.
It would *still* be illegal license changes. Even if it was Paul and Shaun
and SecurStar combined, the code would still have illegal license changes.
If that is truly him, and he did TC 1 and TC 2, then until proven otherwise,
it still has to be assumed that it's not and that the license changes are
invalid.
No, you terminal thickie, we don't have to assume a goddamned
thing. And we sure has hell don't have to put any credence in
your idiotic pronouncements regarding the validity or invalidity
of any licence.

If anyone has a contention about the validity or invalidity of
the licence then let him prove it. In a court of law. The rest
of us in the meantime can quietly suspend judgment - that is,
if we give a rat's ass (I, for one, sure as hell don't care about
the squabbles and allegations put forth by Securstar). We
needn't make any assumption whatever - that sort of autistic
scrupulosity based on surmise and conjecture can be left to
idiots like you.

Regards,
John Smith
2004-06-12 22:26:16 UTC
Permalink
On 12 Jun 2004 11:40:39 -0700, in article
<***@posting.google.com>,
***@bumpymail.com (bumpymail) wrote:

*sigh*

Hello Philip


-------------------------------------

From: "Phillip J. Fry" <***@no.spam>
Newsgroups: alt.security.scramdisk
Message-ID: <KzIyc.2741$***@newsread1.news.pas.earthlink.net>
Date: Sat, 12 Jun 2004 19:11:38 GMT
NNTP-Posting-Host: 63.156.100.67
X-Complaints-To: ***@earthlink.net
X-Trace: newsread1.news.pas.earthlink.net 1087067498 63.156.100.67
(Sat, 12 Jun 2004 12:11:38 PDT)
NNTP-Posting-Date: Sat, 12 Jun 2004 12:11:38 PDT



From: ***@bumpymail.com (bumpymail)
Newsgroups:
alt.security,alt.security.announce,alt.security.pgp,alt.privacy
Subject: Re: TrueCrypt 2.0 released (free open-source on-the-fly disk
encryption for Windows XP/2000)
Date: 12 Jun 2004 11:40:39 -0700
Message-ID: <***@posting.google.com>
NNTP-Posting-Host: 63.156.100.39
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: posting.google.com 1087065639 23579 127.0.0.1 (12 Jun 2004
18:40:39 GMT)
X-Complaints-To: groups-***@google.com
NNTP-Posting-Date: Sat, 12 Jun 2004 18:40:39 +0000 (UTC)
Xref: uni-berlin.de alt.security:69382 alt.security.pgp:188758
alt.privacy:175992
Phillip J. Fry
2004-06-13 00:07:17 UTC
Permalink
Post by John Smith
On 12 Jun 2004 11:40:39 -0700, in article
*sigh*
Hello Philip
Is there are particular point?

I've said in the group before that I try to make a habit of never using the
same name / address in other groups. That's not exactly a secret. I've
been doing that for years. That's just basic common sense for privacy on
the net these days.

And by the way.... that other email address is active for a while. I
figured somebody might want to email. It'll probably be filled up soon with
spam, but if that was Imad, he can reply there.

Since I saw that newsgroup message at NewzBot, and I didn't subscribe to
that newsgroup with my mail reader (since I don't use PGP, I only check it
on weekends), and I was logged into Google at the time, I replied there.

So what's your point?

Oh wait.... You thought I was trying to be clever and that I thought nobody
would notice the similarity in the subject.... [Gasp!] You caught me....
[heavy sarcasm]


Are you trying to imply that you actually approve of the guy violating all
of those licenses and adding the GPL to code he doesn't own?

That certainly seems to be what you've been suggesting.


IF that really had been Imad saying he approved of TCv2, then he definetly
need to know about the situation before he puts his name and reputation
behind it. It's unlikely he knew about that. He probably just read the
announcement and figured it was okay. He's had his own issues with pgp/ckt
and I think it's unlikely that he's going to knowingly and willing endorse a
program with licensing issues.
nemo (nemo outis)
2004-06-13 01:39:35 UTC
Permalink
Post by Phillip J. Fry
Post by John Smith
On 12 Jun 2004 11:40:39 -0700, in article
*sigh*
Hello Philip
Is there are particular point?
I've said in the group before that I try to make a habit of never using the
same name / address in other groups. That's not exactly a secret. I've
been doing that for years. That's just basic common sense for privacy on
the net these days.
Ohmigod, how can you ask here to assume there is any continuity
in the inanities which you spew? Unless you clearly identify
yourself - as you demand of the authors of Truecrypt 2 - how can
we be sure there its really you who is uttering your stupidities.
It could just be random - as opposed to consistent - nonsense!
Or even - heaven forfend - another fool masquerading as you.

Regards,

PS Perhaps you could issue yourself a GPL licence to be a
fool so that we could all rely on the authenticity of your
moronic utterances.
John Smith
2004-06-13 03:14:52 UTC
Permalink
On Sun, 13 Jun 2004 00:07:17 GMT, in article
Post by Phillip J. Fry
Is there are particular point?
Yes, just making sure we are all aware that you are *still* the only
one whining about all this. There's nothing worse than people who
invent their own sockpuppets in order to reinforce their own point.

Just making sure that's all!

<snip>
Post by Phillip J. Fry
Oh wait.... You thought I was trying to be clever and that I thought nobody
would notice the similarity in the subject.... [Gasp!] You caught me....
[heavy sarcasm]
Well you have been acting rather like a troll lately.
Post by Phillip J. Fry
Are you trying to imply that you actually approve of the guy violating all
of those licenses and adding the GPL to code he doesn't own?
No, I'm saying *I* don't care as NOTHING has been proven by ANYONE.
Post by Phillip J. Fry
That certainly seems to be what you've been suggesting.
Then suggest you start at the beginning of the thread and start all
over again.
Post by Phillip J. Fry
IF that really had been Imad saying he approved of TCv2, then he definetly
need to know about the situation before he puts his name and reputation
behind it. It's unlikely he knew about that.
LOL. Oh so now you are doubtful whether it was Imad or not who posted,
now that I have pointed out to you that he appeared to support TC2?
Your reply to him certainly didn't indicate you disbelieved it was
him!

Why do you assume Imad is not fully aware of the situation. You think
just because (on the surface of) his post, he doesn't share your view
and thinks the licence is valid that he is not "aware of the
situation"?

You assume far too much.

He could have been lurking here for years for all that you know.

Hell, HE *could* be the author of TC for all you know.
Post by Phillip J. Fry
He probably just read the
announcement and figured it was okay. He's had his own issues with pgp/ckt
and I think it's unlikely that he's going to knowingly and willing endorse a
program with licensing issues.
Yawn! There you go assuming things yet again!

So he wouldn't willingly endorse a program with licensing issues eh?
That's funny as I'm sure I remember the ckt Builds of PGP having some
"debateable" licencing issues itself which, up until PGP 8, didn't
stop Imad developing them further (for which the PGP community owes
him a debt of gratitude I may add :)
Imad R. Faiad
2004-06-14 14:02:46 UTC
Permalink
greetings,

E4M existed long before securestar went into that business.
as i recall there was first scramdisk, it only worked on
win9x. E4M was developed independently by Mr Le Roux
who published it with a very permissive license, more or
less public domain. then there was some kind of merger
between Mr Le Roux and the scramdisk people, who used
Mr Le Roux's expertize to develop scramdisk NT, which
was a closed sourced product which one had to buy.
Then the new scramdisk outfit was acquired by securestar.

the E4M license is very clear, according to it one
is not even required to publish the source code for
any derivative work. Hell, i can even take it as it,
compile it, change it's name, and start selling the
binaries. All that would be required of me is to:

BEGIN QUOTE E4M LICENSE
display on any packaging, and marketing materials which reference
your product, a notice which states:
"This product uses components written by Paul Le Roux
<***@swprofessionals.com>"

3. If you use any of the source code originally by Eric Young, you
must
in addition follow his terms and conditions.
END QUOTE E4M LICENSE

so, even if there were disputes between securestar and whomsoever,
i am not privy to them, the E4M license has granted me the rights
which
i am exercising.

as for truecrypt, there may be problem with GPLing it, as it is
incompatible with GPL, in that the E4M license is encumbered by
the attribution to Mr Le Roux. However, they can stick any
damn license they please for the value added work which they
do, and are not even required to publish the source code
which they produced.

i believe that the turcrypt outfit are acting in good faith,
and mean well, for if that was not the case, the E4M license
empowers them to do obnoxious things such as i have outlined
in the hypothetical example above. so, instead of bitching,
for the sake of the community, let us all lend them our support
and advise.

Ideally, truecrypt or any derivative work of E4M should be GPL'ed,
but, would that be possible? i hope that some GPL guru can shed
some light on that. Mr Le Roux made a big mistake, he should
have GPL'ed E4M, and mind you, had he done so, this would have
even not jeopardized his business pursuits.

and finally we should all be grateful to Mr Le Roux for E4M,
and the truecrypt people for their derivative work.
and sincerely wish them the best in whatever they do.

Best Regards

Imad R. Faiad
nemo (nemo outis)
2004-06-14 14:59:04 UTC
Permalink
In article <***@posting.google.com>,
***@cyberia.net.lb (Imad R. Faiad) wrote:
..snip...

Yep, I think your assessment of the E4M licence is correct.

Accordingly, the TC2 team (or anyone else, for that matter) can
do pretty much what they want with it, subject only to very minor
conditions such as acknowledging Paul.

It seems to me, on the face of it, that Securstar's attempt to
retroactively rescind Paul's licence based on their subsequent
deal with him is complete nonsense. However, the difficulty is
not wth the validity of Securstar's allegations and claims - they
appear unfounded - but the FUD which they produce and the
chilling effect they have in dissuading folks from building on
the E4M code. And it is that chilling effect, as near as I can
tell without being an insider, that was the intent of Securstar's
threats. In short, Securstar's actions are the classic ones that
go with a frivolous but threatening "slapsuit."

And so I applaud the TC2 team, not just for their creativity in
producing a fine program extending the original work, but for
having the courage to publish despite Securstar's tactics of
intimidation.

As for the licence that should go with TC2, it may or may not be
important (I attach much less weight to it than some others) but,
in any case, it is not urgent. In time, in time...

Regards,

PS As for licences I prefer the Berkeley BSD-style ones over
GPL as being even more wide-open, but that's just me :-)

PPS As for Securstar, I bear them no malice (although I am
rather put off by their commercial practices and now these legal
wranglings).

They chose to do a closed commercial development of Paul's and
Shaun's code - a perfectly reasonable course of action. But they
knew - or should have known - the type of wide-open licences that
were out there with that old code base. And they took some
reasonable steps to protect their interests such as hiring Paul
and Shaun and acquiring whatever rights *hadn't* been alienated
regarding the old code (damned few!) and, presumably, getting the
rights to future code produced by S & P.

In short, Securstar took a calculated business risk.
Unfortunately for them, they lost. Someone (the TC1 and TC2
teams) decided to develop the old codebase independently. Breaks
of the game.

However, that, in the face of this non-commercial competition,
Securstar did not choose to compete on the merits of its products
but instead has resorted to bullying tactics, does not reflect
well on them.
Phillip J. Fry
2004-06-14 19:27:16 UTC
Permalink
Post by Imad R. Faiad
E4M existed long before securestar went into that business.
as i recall there was first scramdisk, it only worked on
win9x. E4M was developed independently by Mr Le Roux
who published it with a very permissive license, more or
less public domain. then there was some kind of merger
between Mr Le Roux and the scramdisk people, who used
Mr Le Roux's expertize to develop scramdisk NT, which
was a closed sourced product which one had to buy.
Then the new scramdisk outfit was acquired by securestar.
Basically correct.

However, recently (when TrueCrypt 1.0 was released) the SecurStar people
sent a letter to them saying that Paul Le Roux apparently didn't have the
authority to use some code in e4m, and that therefor TrueCrypt 1.0 was in
violation too. No further details were given by either SecurStar or Paul Le
Roux. Mr. Le Roux has apparently been avdised by his lawyers to not discuss
the subject at all. (A typical lawyer recommendation. That does raise the
question of why he had already seen a lawyer about e4m, but doesn't
necessarily imply any guilt.)

So there is some questions about the legality of Paul's e4m. However, most
people (including myself) feel that until proven otherwise, the e4m license
has to be taken at face value. As mostly valid.

I say "mostly valid" because Shaun H. (the author of Scramdisk) refused to
allow TrueCrypt (or any e4m derivative) to use his Win9x code. He claims he
was unaware of e4m's license and that his code shouldn't have been
distributed in e4m with that license. (Kinda dodgy since he willingly took
e4m's code and used it in his final scramdisk product and used his license
on it.) Still, he is the author of that code, so he does have the right to
change his mind, so the Win9x code was removed from TrueCrypt.

(In fact, that is one of the reasons I keep suggesting that TC (or other e4m
derivative) be done as a "diff" patch against e4m. That way the Win9x code
could be left in, since there are still many people who use Win9x.)
Post by Imad R. Faiad
the E4M license is very clear, according to it one
is not even required to publish the source code for
any derivative work. Hell, i can even take it as it,
compile it, change it's name, and start selling the
For commercial purposes, is a license required to use the Idea encryption? I
don't know, but I've certainly gotten that impression. (I think that was
also mentioned back in the SecurStar DriveCrypt vs. e4m discussion.)

You'd also have to remove the Win9x code, since Shaun H. (of Scramdisk)
disputes the license for that.

Any commercial product would certainly need a bit of care taken with the
code. Give it a good examination for legal purposes.

A genuine open source encryption product should also probably be examined
carefully.

But yes, Paul's license is an *excellent* example of an open source license.
One of the best examples of open-source licenses around. You can pretty
much do whatever you want with it, without a lot of restrictions or
complicated legal terms to understand.
Post by Imad R. Faiad
so, even if there were disputes between securestar and whomsoever,
i am not privy to them, the E4M license has granted me the rights
which
i am exercising.
Provided Paul had the right to put that license onto some code. Which
SecurStar is saying he didn't.

Most people feel that e4m's license should stand on it's own merits until
proven otherwise by SecurStar. Since both SecurStar and Paul have decided
not to elaborate on it, most have concluded they were just upset about an
open source competitor to their DriveCrypt product.
Post by Imad R. Faiad
as for truecrypt, there may be problem with GPLing it, as it is
incompatible with GPL, in that the E4M license is encumbered by
the attribution to Mr Le Roux. However, they can stick any
damn license they please for the value added work which they
do, and are not even required to publish the source code
which they produced.
You can't stick the GPL onto the changes though, because that attaches to
the rest of the code, even if it has an incompatable license.

GPL is an "all or nothing" kind of license, and in that case, the GPL was
definetly the wrong license to use.

There are plenty of other open source licenses that could have been used.

And it's not just Paul Le Roux's e4m license that is the problem. The
TrueCrypt 1.0 team also had an incompatable license.

***Begin TC 1's license.
5. This product cannot be (re)distributed (including but not limited to
distribution via the Internet) without prior written permission from
TrueCrypt Team <***@truecrypt.org>. Making copies of the product for
personal use is allowed.

6. You may modify your copy or copies of the program or any portion of it
and/or base your own work on the program. Modified versions of the product
cannot be distributed without prior written permission from TrueCrypt Team.

7. In case you base your own work on the product, you may distribute such
work, provided that the following conditions are met:

a) Any work based on/derived from the product must not be called "TrueCrypt"
and its name must not contain the name "TrueCrypt".

b) Source code of any work based on/derived from the product must always be
freely and publicly available.

c) Phrase "Based on TrueCrypt" must be displayed by your program and/or
contained in its documentation.
***End TC 1's license.

So 5, 6 and 7a are also violated. And there is nothing in TC v1's license
that grants the authority to change the license of any derivative work.

And some of the code already in e4m (with other licenses by other authors)
can't be GPL'ed either. At least not without explicit permission from the
authors, in which case that should be noticed in the program docs.
Post by Imad R. Faiad
i believe that the turcrypt outfit are acting in good faith,
and mean well, for if that was not the case, the E4M license
They probably did mean well. Few have questioned that. But they were
extremely careless.

A genuine open source product (esp. an encryption one) has got to be much
more careful.

You can't just simply take somebody else's code and make a few changes and
slap your own license onto the whole thing.
Post by Imad R. Faiad
and mean well, for if that was not the case, the E4M license
empowers them to do obnoxious things such as i have outlined
The TC v1.0 license doesn't, though. And the TC v2.0 team is apparently a
different group. So the TC 1.0 license was violated as well.
Post by Imad R. Faiad
in the hypothetical example above. so, instead of bitching,
for the sake of the community, let us all lend them our support
and advise.
I've pointed out repeatedly how they could do it in a nice legal manner.

Diff patches are better than nothing (although not as good as a 'from the
ground up' open source product, using one of several open source "virtual
disk" programs.) Each diff patch could be distributed seperately with it's
own license. Not the best solution, but it works well enough it keeps other
projects (such as the LAME mp3 encoder) out of trouble.

But the TC 1 & 2 teams are the ones that will need to do it. TC v1. in
particular because their license prohibits anyone from making an independant
product from it.

It'd be better if somebody who knew Windows programs simply re-created the
patches and fixes that were done in TC 1 and TC 2. That way there'd be a
single author, a single diff patch, a single license for all the changes to
go from e4m to a usable product.
Post by Imad R. Faiad
Ideally, truecrypt or any derivative work of E4M should be GPL'ed,
but, would that be possible? i hope that some GPL guru can shed
some light on that. Mr Le Roux made a big mistake, he should
have GPL'ed E4M, and mind you, had he done so, this would have
even not jeopardized his business pursuits.
I don't think he should have GPL'ed it. I know the GPL is the darling of
the Linux etc. world, but there are definetly other open source licenses
available. That still protect the spirit of Open Source.

Paul's e4m license is already very open. And frankly, I think it's far
better than the GPL because it doesn't try to force itself onto any other
code.

The problems come from other areas, namely the GPL's desire to attach itself
to any included code. And from the TC v2 author's carelessness. (The TC v1
authors were careless too, but not to the degree of TC v2's author was.)
Post by Imad R. Faiad
and finally we should all be grateful to Mr Le Roux for E4M,
That has been acknowledge a lot of times over the years before TrueCrypt v1
came along.
Post by Imad R. Faiad
and the truecrypt people for their derivative work.
Would have certainly been a bit better if they had paid a bit more care to
the licensing issues. It would have avoided nearly all of this mess.

We'd still have the same basic final product, but with a license that would
allow everybody to legally use it and improve it.
Imad R. Faiad
2004-07-05 14:21:40 UTC
Permalink
On Mon, 14 Jun 2004 19:27:16 GMT, in alt.security.pgp "Phillip J. Fry"
Post by Phillip J. Fry
I say "mostly valid" because Shaun H. (the author of Scramdisk) refused to
allow TrueCrypt (or any e4m derivative) to use his Win9x code. He claims
he was unaware of e4m's license and that his code shouldn't have been
distributed in e4m with that license. (Kinda dodgy since he willingly
took e4m's code and used it in his final scramdisk product and used his
license on it.) Still, he is the author of that code, so he does have the
right to change his mind, so the Win9x code was removed from TrueCrypt.
you must be kidding? do you mean that he is incapable of parting with,
excuse my French, his es*reta? i mean, the win9x code is of no useful
value these days, and no developer in his right mind would want to
maintain useless legacy code. if i were to do anything with the
E4M code, i would think that my first order of business would be
get rid of any useless luggage, and that would be the win9x code.
hey, sorry Shaum, but, your code, however great you think it is
just useless luggage in The Year Of Our Lord 2004!
and it just amazes me that after duping the whole community
you have no qualms vicariously throwing liens on stuff which
you never wrote, through, by now, useless contributions
which you willingly made at the time to the E4M project.

this whole thing just baffles me, some people have no shame

my 0c

best regards

Imad R. Faiad
w***@optonline.net
2004-07-05 20:22:59 UTC
Permalink
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Off topic I will pray that heaven receives a good man, in your brother. I
will try to light a candle so his soul sees the light.

Topic sometimes greed is consuming isn't it


thoughts on this
Still the best pgp 6.58
I do have a question which do you think is better encryption fish (two or
blow) or is cast or aes256 still the best
You may notice that I use ripemd 160 as my hashing algorithm I think it
is the best and wonder why pgp 7-8 have trouble with it.




- -----BEGIN PGP SIGNATURE-----
Version: "Ability is nothing without opportunity. " Napoleon Bonaparte
Comment: "Repondez, s'il vous plait,"
Comment: KeyID: 0x3091F91326D886D9
Comment: Fingerprint: B32F D122 E3E6 68C5 65F3 AC6E 3091 F913 26D8 86D9

iQA/AwUBQOm3qDCR+RMm2IbZEQMcJgCfRaFpFpNTD3MVXVT5fUOyD09+uEIAoOKz
TzsXd6LFVRuobrSOyP+/i/zc
=GBEo
- -----END PGP SIGNATURE-----
Sam Simpson
2004-07-05 20:32:04 UTC
Permalink
I guess if the code mattered so little, we wouldn't be having this
discussion?

Whilst the code still has any commercial value (to Shaun, or Securstar) I
can see why they wouldn't release it all. (Not saying I agree, but you can
see the rationale).

Sure, saying you own the rest of e4m sucks, but I've not heard anything
official from SS/Shaun on that topic (or have I missed something?).


Cheers,

Sam
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mon, 14 Jun 2004 19:27:16 GMT, in alt.security.pgp "Phillip J. Fry"
Post by Phillip J. Fry
I say "mostly valid" because Shaun H. (the author of Scramdisk) refused to
allow TrueCrypt (or any e4m derivative) to use his Win9x code. He claims
he was unaware of e4m's license and that his code shouldn't have been
distributed in e4m with that license. (Kinda dodgy since he willingly
took e4m's code and used it in his final scramdisk product and used his
license on it.) Still, he is the author of that code, so he does have the
right to change his mind, so the Win9x code was removed from TrueCrypt.
you must be kidding? do you mean that he is incapable of parting with,
excuse my French, his es*reta? i mean, the win9x code is of no useful
value these days, and no developer in his right mind would want to
maintain useless legacy code. if i were to do anything with the
E4M code, i would think that my first order of business would be
get rid of any useless luggage, and that would be the win9x code.
hey, sorry Shaum, but, your code, however great you think it is
just useless luggage in The Year Of Our Lord 2004!
and it just amazes me that after duping the whole community
you have no qualms vicariously throwing liens on stuff which
you never wrote, through, by now, useless contributions
which you willingly made at the time to the E4M project.
this whole thing just baffles me, some people have no shame
my 0c
best regards
Imad R. Faiad
-----BEGIN PGP SIGNATURE-----
iQA/AwUBQOlGUsmgsX8AH6GtEQJ4lgCg1r4CQlFVND7clMdIzi2OZGbtAbcAoJSn
VNVYxwZ0NXMAkDl1yxpNJCxS
=Kizd
-----END PGP SIGNATURE-----
Phillip J. Fry
2004-07-06 16:30:56 UTC
Permalink
Post by Imad R. Faiad
On Mon, 14 Jun 2004 19:27:16 GMT, in alt.security.pgp "Phillip J. Fry"
Post by Phillip J. Fry
I say "mostly valid" because Shaun H. (the author of Scramdisk) refused to
allow TrueCrypt (or any e4m derivative) to use his Win9x code. He claims
you must be kidding? do you mean that he is incapable of parting with,
I'm not kidding. Right after TC 1 was released, he publicly stated in the
scramdisk forum that he did not know that his Win9x code would be covered by
the e4m license and that he did not know how open the e4m license was
compared to his scramdisk license. And that he had never looked at the e4m
code.

There were a number of comments to his message. None of us really believed
that he didn't know, etc. like he claimed.

We basically came to the conclusion that he made the claim solely to annoy
the TrueCrypt v1.0 team.
Post by Imad R. Faiad
excuse my French, his es*reta? i mean, the win9x code is of no useful
value these days, and no developer in his right mind would want to
Well, nearly 30% of Windows users are still using Win9x of some sort.

Even in a couple of years, I'd expect that to still be above 20%. For a
*lot* of people, especially the poorer people who wont be buying a lot of
new software anyway, Win9x works just fine. And it works just great on
older hardware. It's amazing the differences in OS and hardware required
when you don't play games and you don't actually need Microsoft's latest OS.

The reality is that a lot of people just don't need XP and have no reason
what so ever to buy it. They'll only get it when they get around to buying
a new computer in a few years.


And businesses.... Some of them are still using Windows 95....
Post by Imad R. Faiad
maintain useless legacy code. if i were to do anything with the
E4M code, i would think that my first order of business would be
get rid of any useless luggage, and that would be the win9x code.
I'm not a windows programmer. I haven't done any OS level programming since
the days of DOS, but I've wondered many times whether the current disk
access methods are even needed. It seems overly complicated.

I mean, in the days of DOS, you'd use a TSR to hook into the disk I/O
routines. Then you'd just translate the virtual disk I/O drive, track &
sectors to the real physical address. That gets passed onto the disk I/O
routine like normal. Then when that returns to your code, you decrypt it.
No worries about re-entrancy or such nonesense, or need to write custom
assembly disk access routines.

It just seems to me that the same kind of thing could be done under Win9x
and WinXP, and that the current methods are just overly complicated. With
Win9x, you wouldn't need to do any sort of assembly code. And you wouldn't
have to mess with re-entrancy etc. The virtual disk & crypto stuff would be
a filter.

But, I'm not a windows programmer, so maybe it really is that complicated.

(I think one of the commercial disk defragmenter programs works that way for
XP (or win2k). It lets it defrag the whole drive, including the swap file,
while XP is still running.)

Damn Straight
2004-06-15 01:59:36 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hopefully not too far off topic,
but the sig for this message shows bad,
yet the message only four hours preceding it shows good?
S. Vinder
2004-06-14 20:38:14 UTC
Permalink
Post by Phillip J. Fry
So 5, 6 and 7a are also violated. And there is nothing in TC v1's
license that grants the authority to change the license of any
The TC1 team has not complained, so I am not really sure how you know
that their license has been violated. All they need is permission
to modify and distribute the product. (Some people even speculate that
TC1 team = TC2 team.) So how do you know that TC1 license is violated?
Post by Phillip J. Fry
It'd be better if somebody who knew Windows programs simply re-created
the patches and fixes that were done in TC 1 and TC 2. That way
there'd be a single author, a single diff patch, a single license for
all the changes to go from e4m to a usable product.
"Simply re-create" the changes? This really sounds like you would like
somebody to steal their work and ideas.
Phillip J. Fry
2004-06-14 20:53:35 UTC
Permalink
Post by S. Vinder
Post by Phillip J. Fry
So 5, 6 and 7a are also violated. And there is nothing in TC v1's
license that grants the authority to change the license of any
The TC1 team has not complained, so I am not really sure how you know
Whether they complain or not doesn't change the fact that it was violated.
It goes against what the license says.
Post by S. Vinder
that their license has been violated. All they need is permission
to modify and distribute the product. (Some people even speculate that
Permission in writing from them. Along with permissions from a bunch of
other sources.

Do you have any evidence at all that those permissions have been obtained?
Post by S. Vinder
TC1 team = TC2 team.) So how do you know that TC1 license is violated?
Because I can read. It does not, in any shape, form, or fashion, say that
they did get permission from the TC 1 team, or that they are indeed the TC 1
team.

You and others are just supposing that they might be the same person /
people. Desperately looking for any possible idea to make the license less
invalid.

Baring any *proof* you have to take it at face value. And that is that the
TC1 and TC2 teams are different. And that the permissions were not granted.
And that the license is invalid.
Post by S. Vinder
Post by Phillip J. Fry
It'd be better if somebody who knew Windows programs simply re-created
the patches and fixes that were done in TC 1 and TC 2. That way
there'd be a single author, a single diff patch, a single license for
all the changes to go from e4m to a usable product.
"Simply re-create" the changes? This really sounds like you would like
somebody to steal their work and ideas.
The basic fixes they did to make e4m XP compatable are likely trivial. The
basic code to be NT/2k compatable is already there. All that needs to be
done is figure out what few minor things that XP needs that NT/2k doesn't.

I didn't say they should take the code.

Understanding how something works, or how something fixes some problem, and
then writing it yourself is 100% legal. (Well, assuming patents etc. don't
apply.) That's very different from taking code.

You don't even have to re-create all the changes that TC1 did, just the XP
fixes.

Once the basic XP patches are available, in a seperate patch, then you and
anybody else who wants to can make their own extended version of an OTFE
that works under Win9x, WinNT, Win2k, and WinXP.

Just do it as a Diff patch against the XP patched version of e4m.

Seperate diff patches with seperate licenses, distributed seperately takes
care of the legal issues.

Not as good as a brand new product, but certainly a workable solution to the
licensing mess.
S. Vinder
2004-06-14 22:35:21 UTC
Permalink
Post by Phillip J. Fry
Do you have any evidence at all that those permissions have been
obtained?
I do not have any evidence. You or I do not need to see any evidence.
If they have the permission then that is all that matters (they do not
need to tell us anything, which you apparently do not realize).
Post by Phillip J. Fry
Post by S. Vinder
So how do you know that TC1 license is violated?
Because I can read. It does not, in any shape, form, or fashion, say
that they did get permission from the TC 1 team, or that they are
indeed the TC 1 team.
That they did not say they got it does not mean that they did not get
it. They have the permission and they do not need to write about it
anywhere. Or do you think they are obliged to include something like
"We have a written permission from the TrueCrypt Team" in the manual?
There is nothing in the TC1 license that requires them to do anything
like that.

It is the same as if somebody said that you were a criminal. You are
innocent until proven otherwise. The TC2 team is innocent until proven
otherwise. Got it?
Post by Phillip J. Fry
Baring any *proof* you have to take it at face value. And that is
that the TC1 and TC2 teams are different. And that the permissions
were not granted. And that the license is invalid.
How do you know that the permision was not granted? You know
absolutely nothing! There is only *one* entity that can tell us
whether they got the permission, and that is the TC1 team (and
certainly not trolls like you!)
Post by Phillip J. Fry
The basic fixes they did to make e4m XP compatable are likely trivial.
Maybe trivial, but only to people like you. The fact is that people
waited for 3 years for someone to make E4M XP-compatible. Shaun
Hollingworth (the author of commercial and close sourced Drivecrypt,
which is based on E4M too) was enjoying the situation saying that he
also had to spend a long time trying to make E4M compatible with
Windows XP and that he certainly "is not going to tell people how to
do it". So, Phillip, do not write about things you do not understand
or know very little about. It only makes you look more and more
stupid.
Post by Phillip J. Fry
I didn't say they should take the code.
What you suggested was stealing by paraphrasing.


In conclusion, your troll posts in alt.security.scramdisk already
discredited you enough so I am not really sure why I am wasting my
time on you. I find it quite amusing that you suggested shutting down
the TC2 sites by sending false accusations ("child porn", "terrorism")
to the ISPs and server administrators and now you encourage people to
"re-create" the changes found in TC2.

If I were you, I would be really ashamed of myself. Fortunately, I am
not.
Phillip J. Fry
2004-06-17 00:11:33 UTC
Permalink
Post by S. Vinder
Post by Phillip J. Fry
Post by S. Vinder
So how do you know that TC1 license is violated?
Because I can read. It does not, in any shape, form, or fashion, say
that they did get permission from the TC 1 team, or that they are
indeed the TC 1 team.
That they did not say they got it does not mean that they did not get
it. They have the permission and they do not need to write about it
anywhere. Or do you think they are obliged to include something like
"We have a written permission from the TrueCrypt Team" in the manual?
There is nothing in the TC1 license that requires them to do anything
like that.
There is nothing to what so ever to suggest they did.

And considering TC 1's license and that the entire license is being changed
so drastically, yes a notice of permission would be appropriate.

For a *personal* product, or perhaps even a commercial product (where the
source would never been seen) it wouldn't have to be placed into the docs or
code.

But for open source projects, it would indeed need to be posted. You need
to be able to show a clear license, a chain of permissions or something, to
say that each piece of code can be legally used and made open source.
Post by S. Vinder
How do you know that the permision was not granted? You know
absolutely nothing! There is only *one* entity that can tell us
whether they got the permission, and that is the TC1 team (and
certainly not trolls like you!)
It sure does sound like you are trying very hard to justify the existance &
license of TC 1 & 2.

Me, Sam, Winterminator, and a few others are the only ones in this group
trying to keep things honest and legal.

Everybody else's attitude is more like "Nyah nyah, screw you SecurStar!"
Post by S. Vinder
Post by Phillip J. Fry
The basic fixes they did to make e4m XP compatable are likely trivial.
Maybe trivial, but only to people like you. The fact is that people
"Only to people like you."? I've said many times I know nothing at all
about Windows OS programming. I haven't done any OS level programming since
the days of DOS. What little I've done since then have been generic command
line programs.

Considering the hard part was doing the basic NT/2k driver itself, and that
XP is supposed to be only slightly different, the changes can't be
substantial. Probably more along the lines of a few OS calls here and
there. The kind of thing where you read it and your eyes open wide and you
think "Why didn't I think of that?"

You could probably check some of the other open source 'virtual disk / cd'
projects and find out what's needed.
Post by S. Vinder
waited for 3 years for someone to make E4M XP-compatible. Shaun
Just because people waited that long doesn't mean it took somebody else that
long to make the changes.

In fact, if you look at the source for TC 1, you'll see that the change
dates only spread over a little more than a month. Not long at all if you
are working on it in your spare time.

I don't think anybody else even worked on it until the TC team did. None of
us were OS level programmers. So the long wait says nothing about how hard
the changes are.
Post by S. Vinder
Hollingworth (the author of commercial and close sourced Drivecrypt,
which is based on E4M too) was enjoying the situation saying that he
also had to spend a long time trying to make E4M compatible with
Windows XP and that he certainly "is not going to tell people how to
[shrug] Just because he had trouble doesn't automatically mean that
somebody else would.

I know a number of other hobbiest programmers who have trouble today doing
the kinds of stuff I used to do. And some of them can easily do what I have
trouble with.
Post by S. Vinder
Post by Phillip J. Fry
I didn't say they should take the code.
What you suggested was stealing by paraphrasing.
ROFL.

You apparently don't know a whole lot about programming. Especially *open
source* programming.

If you want to keep secrets, then you don't release source code. That's
kind of the basic principle of open source.

The whole founding priciple of open source programming is to share ideas and
solutions, and yes, code (when licenses are compatable.)

If you don't want people to see how you did something or how you solved some
problem, you simply do not release the source. You do a Shaun and make your
project closed source.

And yes, for the record, back when I did program, I did make my stuff open.
Sometimes copyrighted freeware, sometimes public domain. Even when it took
me months to solve some problem, or come up with a new approach, or new
idea, I made that open too. That's what open source is about. So yes, I do
"practice what I preach."
Post by S. Vinder
time on you. I find it quite amusing that you suggested shutting down
the TC2 sites by sending false accusations ("child porn", "terrorism")
to the ISPs and server administrators and now you encourage people to
"re-create" the changes found in TC2.
If you had read the message (or did you...? You probably read somebody
elses comments) you'd know that I said no such thing. I was pointing out
that the license violating authors of TC v2 attempts to stay anonymous were
a waste of time. That ISPs and web hosts regularly release the names and /
or IP addresses of visitors, without any sort of court order. Even when
violating their own privacy policy.

And that if TC2's authors truely did want to make an open source product
that they could actually distribute openly and even support openly, it was
easy for them to do so. No need to try and hide behind fake web "mirrors"
or anonymous email, etc. And if you'll notice, they still haven't come
forward and done things legally.
nemo (nemo outis)
2004-06-17 01:13:45 UTC
Permalink
Post by Phillip J. Fry
Me, Sam, Winterminator, and a few others are the only ones in this group
trying to keep things honest and legal.
Everybody else's attitude is more like "Nyah nyah, screw you SecurStar!"
None of you can do the slightest fucking thing to make it either
more or less legal. It is what it is. You might as well channel
your energy into changing the orbit of Pluto.

Your (or my) legal advice is worth exactly what has been paid for
it :-)

No, what you are doing is offering comment and opinion (as am I).
An amusing pastime, but not much more.
Post by Phillip J. Fry
And that if TC2's authors truely did want to make an open source product
that they could actually distribute openly and even support openly, it was
easy for them to do so. No need to try and hide behind fake web "mirrors"
or anonymous email, etc. And if you'll notice, they still haven't come
forward and done things legally.
I don't suppose it has occured to you that the TC2 team may not
give a shit about your precious legalistic quibbles. But, in any
case, it is up to them whether to amend their licence, retract
it, fade into the sunset like the TC1 team, just ignore the
entire matter, or do whatever else pops into their heads.

Regards,
Phillip J. Fry
2004-06-17 02:17:27 UTC
Permalink
Post by nemo (nemo outis)
None of you can do the slightest fucking thing to make it either
more or less legal. It is what it is. You might as well channel
your energy into changing the orbit of Pluto.
It could (and still can) be done in a 100% legal manner.

Any C Windows programmer in here could do that. Or at least enough to
generate patches to make the basic e4m compatable with XP.

It wouldn't be a perfect solution, but it'd be a workable solution.
Post by nemo (nemo outis)
You might as well channel
your energy into changing the orbit of Pluto.
And just why do you think Pluto now has such an ecentric orbit...[g]
Post by nemo (nemo outis)
Post by Phillip J. Fry
And that if TC2's authors truely did want to make an open source product
that they could actually distribute openly and even support openly, it was
easy for them to do so. No need to try and hide behind fake web "mirrors"
or anonymous email, etc. And if you'll notice, they still haven't come
forward and done things legally.
I don't suppose it has occured to you that the TC2 team may not
give a shit about your precious legalistic quibbles. But, in any
Yes it has. Many times. I suspected that right off, when they announced it
was under the GPL license. I was willing to give them the benefit of the
doubt and pass it off as a lack of experience with licenses, but considering
how easy it'd be to make TC2 into a legal product, you gotta conclude they
wanted to make an illegal product, rather than a genuine open source
product.

All the more reason to be disgusted with them. I definetly include them in
with the group who's attitude is: "Nyah nyah, screw you SecurStar!" Never
mind legality. Never mind valid licenses. Just giving SecurStar "the
finger" is the only worthwhile goal in life. And if you gotta break a few
laws to do it, then who cares?

It may also not be secure. Anybody with that attitude could easily slip a
few things into the executable. After all, most people (including probably
you) haven't bothered to examine the code or compile it yourself.


Attitudes like that aren't needed in the encryption or open source world.
We need better. Otherwise this is no better than using a key generator for
a warez copy of DriveCrypt or PGPDisk.
nemo (nemo outis)
2004-06-17 13:34:35 UTC
Permalink
Post by Phillip J. Fry
Post by nemo (nemo outis)
None of you can do the slightest fucking thing to make it either
more or less legal. It is what it is. You might as well channel
your energy into changing the orbit of Pluto.
It could (and still can) be done in a 100% legal manner.
Any C Windows programmer in here could do that. Or at least enough to
generate patches to make the basic e4m compatable with XP.
It wouldn't be a perfect solution, but it'd be a workable solution.
You misread my post. I said that YOU cannot do anything about
the licence; I did not say that NO ONE could.
Post by Phillip J. Fry
Post by nemo (nemo outis)
Post by Phillip J. Fry
And that if TC2's authors truely did want to make an open source product
that they could actually distribute openly and even support openly, it
was
Post by nemo (nemo outis)
Post by Phillip J. Fry
easy for them to do so. No need to try and hide behind fake web
"mirrors"
Post by nemo (nemo outis)
Post by Phillip J. Fry
or anonymous email, etc. And if you'll notice, they still haven't come
forward and done things legally.
I don't suppose it has occured to you that the TC2 team may not
give a shit about your precious legalistic quibbles. But, in any
Yes it has. Many times. I suspected that right off, when they announced it
was under the GPL license. I was willing to give them the benefit of the
doubt and pass it off as a lack of experience with licenses, but considering
how easy it'd be to make TC2 into a legal product, you gotta conclude they
wanted to make an illegal product, rather than a genuine open source
product.
Your rashness never ceases to amaze me. I don't have to conclude
*anything* from TC2's (probably) flawed licence. I can suspend
judgment, avoid impetuous speculation and inference, and wait to
see what, if anything, comes of the situation.
Post by Phillip J. Fry
All the more reason to be disgusted with them. I definetly include them in
with the group who's attitude is: "Nyah nyah, screw you SecurStar!" Never
mind legality. Never mind valid licenses. Just giving SecurStar "the
finger" is the only worthwhile goal in life. And if you gotta break a few
laws to do it, then who cares?
And now more rash inferences built on previous rash inferences.
Houses built on foundations of sand. Wild conjecture. Malicious,
disparaging conjecture to boot. Mean-spirited insults towards
the TC2 team who gave us an excellent program.

None of us know dick regarding the TC2 team's motivations and
objectives!
Post by Phillip J. Fry
It may also not be secure. Anybody with that attitude could easily slip a
few things into the executable. After all, most people (including probably
you) haven't bothered to examine the code or compile it yourself.
Code was provided; the option was there. Source code for an OTFE
encryption product was the long-sought-for Holy Grail. Use it or
not, and be grateful the TC2 team has given you the choice.

But that has nothing to do with the licence.

Identification of the TC2 team and a rock-solid licence would do
little for those who demand source code as the sine qua non.
They have shown that they place little faith in reputation (e.g.,
regarding closed-source commercial products)
Post by Phillip J. Fry
Attitudes like that aren't needed in the encryption or open source world.
We need better. Otherwise this is no better than using a key generator for
a warez copy of DriveCrypt or PGPDisk.
Compilable source code for a stable OTFE product was what was
sought (thereby opening an avenue to check for bugs and
backdoors), and that was what was obtained. No warez program
provides that.

But let us turn again to the licence.

A program may have bugs. In this case, a licence has bugs. No
big deal. Even you admit that correcting the "licence bugs"
would be straightforward. So it is much ado about nothing.

The courts have their own version of Shakespeare's point: "De
minimis non curat lex." (The law does not care baout trifles.)

No court is going to get too excited about flaws in a licence
that are readily correctable - especially as no real harm has
been done. (Despite Paul's protestations, it seem to me that the
old E4M licence has been followed, at least loosely, in that Paul
has been acknowledged.)

So, let the TC2 team correct their licence if they evcer get
around to it. In the meantime the rest of us can use their fine
program untroubled about a licence which, although flawed, is
readily correctable and which does no real harm.

Regards,
Imad R. Faiad
2004-06-14 09:57:01 UTC
Permalink
greetings,

I have quoted the E4M license below, it's quite interesting.

while i am no lawyer, as i understand it one may do whatever
one wants with E4M provided the the resulting product is
not called E4M, that the original license should be included
with any portions of the code used, and attribution
to Mr Paul Le Roux should it be a binary distribution.

not sure whether any derivative product may GPL'ed,
perhaps someone more knowledgeable than i may care
to shed some light on this.

Best Regards

Imad R. Faiad

-QUOTE-
License agreement for Encryption for the Masses.

Copyright (C) 1998-2000 Paul Le Roux. All Rights Reserved.

This product can be copied and distributed free of charge, including
source code.

You may modify this product and source code, and distribute such modifications,
and you may derive new works based on this product, provided that:

1. Any product which is simply derived from this product cannot be
called E4M, or Encryption for the Masses.

2. If you use any of the source code in your product, and your product
is distributed with source code, you must include this notice with
those portions of this source code that you use.

Or,

If your product is distributed in binary form only, you must display
on any packaging, and marketing materials which reference
your product, a notice which states:

"This product uses components written by Paul Le Roux <***@swprofessionals.com>"

3. If you use any of the source code originally by Eric Young, you must
in addition follow his terms and conditions.

4. Nothing requires that you accept this License, as you have not
signed it. However, nothing else grants you permission to modify or
distribute the product or its derivative works.

These actions are prohibited by law if you do not accept this License.

5. If any of these license terms is found to be to broad in scope, and
declared invalid by any court or legal process, you agree that all other
terms shall not be so affected, and shall remain valid and enforceable.

6. THIS PROGRAM IS DISTRIBUTED FREE OF CHARGE, THEREFORE THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. UNLESS OTHERWISE
STATED THE PROGRAM IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER
EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE
QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE
DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.

7. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM, INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS, EVEN IF SUCH HOLDER OR OTHER PARTY HAD PREVIOUSLY BEEN ADVISED
OF THE POSSIBILITY OF SUCH DAMAGES.
-END QUOTE-
Loading...