September 26, 2007

Anonymity

Anonymity is derived from the Greek word ανωνυμία, meaning "without a name" or "namelessness". In colloquial use, the term typically refers to a person, and often means that the personal identity, or personally identifiable information of that person is not known.

More strictly, and in reference to an arbitrary element (e.g. a human, an object, a computer), within a well-defined set (called the "anonymity set"), "anonymity" of that element refers to the property of that element of not being identifiable within this set. If it is not identifiable, then the element is said to be "anonymous".

An example: Suppose that only Alice, Bob, and Carol have the keys to a bank safe and that, one day, the contents of the safe are missing (without the lock being violated). Without any additional information, we do not know for sure whether it was Alice, Bob or Carol that opened the safe; the perpetrator remains anonymous. In particular, each of the elements in {Alice, Bob, Carol} has a 1/3 chance of being the perpetrator. However, as long as none of them has been identified as being the perpetrator with 100% certainty, we can say that the perpetrator remains anonymous.

Anonymity is not an absolute. That is, the degree of anonymity one enjoys may vary. In the above example, if Carol has an ironclad alibi at the time of the perpetration, then we may deduce that it must have been either Alice or Bob who opened the safe. That is, the probability of the elements {Alice, Bob, Carol} of being the perpetrator is now 1/2, 1/2, and 0 respectively. This clearly amounts to a reduction of the perpetrator's anonymity (i.e. although the perpetrator still remains anonymous, it is now more likely than before that (s)he is either Alice or Bob).
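The move from 1/3 each to 1/2, 1/2 and 0 can be made quantitative. The following Python is an added example, not part of the Wikipedia article: it uses the entropy of the probability distribution over the anonymity set (a metric chosen for this example; the article names none) to compute a degree of anonymity between 0 and 1 and an effective anonymity-set size, then walks the safe example through Carol's alibi and a second, hypothetical alibi for Bob.

```python
import math


def anonymity_degree(probabilities):
    """Return (entropy_bits, degree, effective_set_size) for a probability
    distribution over an anonymity set.  degree = H / log2(N): 1.0 means the
    observer knows nothing beyond set membership, 0.0 means one member is
    identified with certainty.  (Entropy-based metric: an assumption of this
    example, not a definition taken from the article.)"""
    if not probabilities:
        raise ValueError("anonymity set is empty")
    if not math.isclose(sum(probabilities.values()), 1.0):
        raise ValueError("probabilities must sum to 1")
    n = len(probabilities)
    # sum(-p*log2 p) rather than -sum(...) so an all-certain case yields +0.0
    entropy = sum(-p * math.log2(p) for p in probabilities.values() if p > 0)
    degree = entropy / math.log2(n) if n > 1 else 0.0
    return entropy, degree, 2 ** entropy


def apply_alibi(probabilities, cleared):
    """Condition on `cleared` being innocent: its probability drops to 0 and
    the remaining members are renormalised."""
    if cleared not in probabilities:
        raise KeyError(cleared)
    rest = sum(p for name, p in probabilities.items() if name != cleared)
    if rest == 0:
        raise ValueError("no suspects remain")
    return {name: (0.0 if name == cleared else p / rest)
            for name, p in probabilities.items()}


def is_identified(probabilities):
    """The perpetrator stops being anonymous once some member has probability 1."""
    return any(math.isclose(p, 1.0) for p in probabilities.values())


def safe_example():
    """Walk through the Alice/Bob/Carol example from the text, plus a
    hypothetical second alibi for Bob (constructed for this example)."""
    suspects = {"Alice": 1 / 3, "Bob": 1 / 3, "Carol": 1 / 3}
    before = anonymity_degree(suspects)
    after_carol = apply_alibi(suspects, "Carol")
    after_bob = apply_alibi(after_carol, "Bob")
    return {
        "before": before,                                  # H = log2(3), degree 1.0
        "after_carol_alibi": anonymity_degree(after_carol),  # H = 1 bit, degree ~0.63
        "after_bob_alibi": anonymity_degree(after_bob),      # H = 0, degree 0.0
        "identified": is_identified(after_bob),
    }


if __name__ == "__main__":
    for stage, value in safe_example().items():
        print(stage, value)
```

The effective set size 2^H is the figure to watch: it falls from 3 to 2 after Carol's alibi, meaning the perpetrator is now hiding among two people rather than three, even though nobody has been named.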

The term "anonymous message" typically refers to a message (which is, for example, transmitted over some form of a network) that does not carry any information about its sender and its intended recipient. It is therefore unclear if multiple such messages have been sent by the same sender or if they have the same intended recipient.

Sometimes it is desired that a person can establish a long-term relationship (such as a reputation) with some other entity, without his/her personal identity being disclosed to that entity. In this case, it may be useful for the person to establish a unique identifier, called a pseudonym, with the other entity. Examples of pseudonyms are nicknames, credit card numbers, student numbers, bank account numbers and IP addresses. A pseudonym enables the other entity to link different messages from the same person and thereby to maintain a long-term relationship. Although pseudonyms typically do not contain personally identifying information, communication that is based on pseudonyms is often classified not as "anonymous" but as "pseudonymous". Indeed, in some contexts, anonymity and pseudonymity are separate concepts.

However, in other contexts what matters is that both anonymity and pseudonymity are concepts that are, among other things, concerned with hiding a person's legal identity. In such contexts people may not distinguish between anonymity and pseudonymity.

The problem of determining whether or not the identity of a communication partner is the same as one previously encountered is the problem of authentication.

Means of obtaining anonymity

Anonymity is a result of not having identifying characteristics (such as a name or description of physical appearance) disclosed. This can occur from a lack of interest in learning the nature of such characteristics, or through intentional efforts to hide these characteristics. An example of the former would include a brief encounter with a stranger, when learning the other person's name is not deemed necessary. An example of the latter would include someone hiding behind clothing that covers identifying features like hair color, scars, or tattoos, in order to avoid identification.

In some cases, anonymity is reached unintentionally, as is often the case with victims of crimes or war battles, when a body is discovered in such a state that the physical features used to identify someone are no longer present. Anonymity is not always found in such morbid situations, however. As an example, a winner of a lottery jackpot is anonymous (one of however many play the lottery) until that person turns in the winning lottery ticket. Many acts of charity are performed anonymously, as well, as benefactors do not wish, for whatever reason, to be acknowledged for their action.

There are many reasons why a person might choose to obscure their identity and become anonymous. Several of these reasons are legal and legitimate - someone, for example, who feels threatened by someone else might attempt to hide from the threat behind various means of anonymity. There are also many illegal reasons to hide behind anonymity. Criminals typically try to keep themselves anonymous either to conceal the fact that a crime has been committed, or to avoid capture.

Anonymity and social situations

Anonymity may reduce the accountability one perceives to have for their actions, and removes the impact these actions might otherwise have on their reputation. This can have dramatic effects, both useful and harmful.

In conversational settings, anonymity may allow people to reveal personal history and feelings without fear of later embarrassment. Electronic conversational media can provide physical isolation, in addition to anonymity. This prevents physical retaliation for remarks, and prevents negative or taboo behavior or discussion from tarnishing the reputation of the speaker. This can be beneficial when discussing very private matters, or taboo subjects or expressing views or revealing facts which may put someone in physical, financial, or legal danger (such as illegal activity, or unpopular or outlawed political views).

With few perceived negative consequences, anonymous or semi-anonymous forums often provide a soapbox for disruptive conversational behavior. Some people label those who do this online as Internet trolls.

Relative anonymity is often enjoyed in large crowds. Different people have different psychological and philosophical reactions to this development, especially as a modern phenomenon. This anonymity is an important factor in crowd psychology.

Anonymity, commerce, and crime

Anonymous commercial transactions can protect the privacy of consumers. Some consumers prefer to use cash when buying everyday goods (like groceries or tools), to prevent sellers from aggregating information or soliciting them in the future. (Credit cards are linked to a person's name, and can be used to discover other information, such as postal address, phone number, etc.) When purchasing taboo goods and services, anonymity makes many potential consumers more comfortable with or more willing to engage in the transaction. Many loyalty programs use cards which personally identify the consumer engaging in each transaction (possibly for later solicitation, or for redemption or security purposes), or which act as a numerical pseudonym, for use in data mining.

Anonymity can also be used as a protection against legal prosecution. For example, when committing a robbery, many criminals will obscure their faces to avoid identification. In organized crime, groups of criminals may collaborate on a certain project without revealing to each other their names or other personally identifiable information. The anonymous purchase of a gun or knife to be used in a crime helps prevent linking an abandoned weapon to the identity of the perpetrator.

Issues facing the anonymous

Attempts at anonymity are not always met with support from society. There is a trend in society to mistrust someone who makes an effort to maintain their anonymity. This is often summed up in the statement, "You wouldn't want to stay anonymous unless you had something to hide." The implication is that there is no legitimate reason to obscure one's identity from the world as a whole.

Anonymity sometimes clashes with the policies and procedures of governments or private organizations. In the United States, disclosure of identity is required to be able to vote. In airports in most countries, passengers are not allowed to board flights unless they have identified themselves to some sort of airline or transportation security personnel, typically in the form of the presentation of an identification card.

On the other hand, some policies and procedures require anonymity. According to the Universal Declaration of Human Rights, "... periodic and genuine elections which shall be by universal and equal suffrage ... shall be held by secret vote or by equivalent free voting procedures."

Referring to the anonymous

When it is necessary to refer to someone who is anonymous, it is typically necessary to create a type of pseudo-identification for that person. In literature, the most common way to state that the identity of an author is unknown is to refer to them as simply "Anonymous." This is usually the case with older texts in which the author is long dead and unable to claim authorship of a work. When the work claims to be that of some famous author the pseudonymous author is identified as "Pseudo-", as in Pseudo-Dionysius the Areopagite, an author claiming—and long believed—to be Dionysius the Areopagite, an early Christian convert.

Anonymus, in its Latin spelling, generally with a specific city designation, is traditionally used by scholars in the humanities to refer to an ancient writer whose name is not known, or to a manuscript of their work. Very many such writers have left valuable historical or literary records: an incomplete list of such Anonymi is at Anonymus.

In the history of art, many painting workshops can be identified by their characteristic style and discussed and the workshop's output set in chronological order. Sometimes archival research later identifies the name, as when the "Master of Flémalle"—defined by three paintings in the Städelsches Kunstinstitut in Frankfurt—was identified as Robert Campin. The 20th-century art historian Bernard Berenson methodically identified numerous early Renaissance Florentine and Sienese workshops under such sobriquets as "Amico di Sandro" for an anonymous painter in the immediate circle of Sandro Botticelli.

In legal cases, a popularly accepted name to use when it is determined that an individual needs to maintain anonymity is "John Doe." This name is often modified to "Jane Doe" when the anonymity-seeker is female.

The military often feels a need to honor the remains of soldiers for whom identification is impossible. In many countries, such a memorial is named the Tomb of the Unknown Soldier.

Anonymity and the press

Most modern newspapers and magazines attribute their articles to individual editors, or to news agencies. An exception is the British weekly The Economist, which may be the world's only un-bylined paper. All British newspapers run their leaders (i.e. editorials) anonymously.

Anonymity and politics

The history of anonymous expression in political dissent is both long and honourable, as in the Letters of Junius or Voltaire's Candide, or scurrilous as in pasquinades. In the tradition of anonymous British political criticism, the Federalist Papers were anonymously authored. Without the public discourse on the controversial contents of the U.S. Constitution, ratification would likely have taken much longer as individuals worked through the issues. The United States Declaration of Independence, however, was not anonymous. If it had been unsigned, it might well have been less effective. In The Infrastructure of Democracy, John Perry Barlow, Joichi Ito, and other US bloggers express a very strong support for anonymous editing as one of the basic requirements of open politics as conducted on the Internet. Saipansucks.com is an example of an anonymously written website that socially and politically criticizes the United States' Commonwealth of the Northern Mariana Islands.

@http://en.wikipedia.org/wiki/Anonymity

September 17, 2007

What is a Shell Account?

To run an Eggdrop bot, you need a "shell account". This is your own personal space on a computer linked to the Internet via high-speed connections, typically housed in a data facility or colocation centre alongside many other computers configured as dedicated "servers". A shell server runs a Unix-derived operating system, such as GNU/Linux or FreeBSD. You can upload files to and run programs on your account using FTP, telnet, or SSH. Shell accounts are very similar to web hosting accounts, but are more basic, cheaper, and feature the tools necessary to compile your own programs, like Eggdrop. The term "shell" comes from the text-based command line interface you use to manage your account on the Unix server.

Unfortunately, unlike Eggdrop, shell accounts generally aren't free. But since they're always connected to the Internet, they are the most popular and cost-effective platform for hosting IRC bots. Shell accounts can also be used for other things, from IRC-related stuff like running a bouncer or your own IRC server, to sending/receiving e-mail, maintaining a web site, and downloading files at high speed for temporary storage (until you're ready to download them to your own machine). You don't have to be experienced with Unix in order to set up and maintain a bot on a shell account, but you will need to learn a few basic commands.

@www.egghelp.org

September 15, 2007

Installing OpenVPN

OpenVPN can be downloaded here.

For security, it's a good idea to check the file release signature after downloading.
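What "checking the release signature" amounts to in practice, as an added example (not OpenVPN project code): parse a sha256sum-style checksum file, compare the download's digest against it with a constant-time comparison, and wrap gpg --verify for the detached signature. The tarball bytes, the file name and the checksum line are constructed here; the gpg_verify helper assumes gpg is installed and that the signing key was imported from a source independent of the download site.

```python
import hashlib
import hmac
import re
import subprocess

# One line of a sha256sum(1)-style file: 64 hex digits, whitespace,
# optional '*' binary-mode marker, then the file name.
_SUM_LINE = re.compile(r"^([0-9a-fA-F]{64})\s+\*?(.+?)\s*$")


def parse_sums(text):
    """Parse a SHA256SUMS-style file into {filename: hex_digest}.
    Blank and '#' lines are skipped; any other line that does not match the
    format is an error rather than something silently ignored."""
    sums = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _SUM_LINE.match(line)
        if not m:
            raise ValueError(f"malformed checksum line: {raw!r}")
        sums[m.group(2)] = m.group(1).lower()
    return sums


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream the file so a large tarball is not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_bytes(data, name, sums):
    """True if `data` hashes to the digest listed for `name`.  Raises KeyError
    when the name is absent: a missing entry must never count as a pass."""
    expected = sums[name]
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected)


def verify_file(path, name, sums_path):
    """Same check for a file on disk against a checksum file on disk."""
    with open(sums_path, encoding="utf-8") as f:
        sums = parse_sums(f.read())
    return hmac.compare_digest(sha256_of_file(path), sums[name])


def gpg_verify(signature_path, signed_path):
    """Run `gpg --batch --verify <sig> <file>`; True only on exit status 0.
    Assumes gpg is installed and the maintainer's public key is already in the
    local keyring.  Verify the checksum file's signature, then the checksums."""
    try:
        result = subprocess.run(
            ["gpg", "--batch", "--verify", signature_path, signed_path],
            capture_output=True, check=False)
    except FileNotFoundError:
        raise RuntimeError("gpg is not installed") from None
    return result.returncode == 0


# Constructed sample: stand-ins for the downloaded tarball and its published checksum line.
SAMPLE_NAME = "openvpn-[version].tar.gz"
SAMPLE_DATA = b"constructed stand-in for the downloaded tarball bytes"
SAMPLE_SUMS = f"{hashlib.sha256(SAMPLE_DATA).hexdigest()}  {SAMPLE_NAME}\n"

if __name__ == "__main__":
    sums = parse_sums(SAMPLE_SUMS)
    print("intact:", verify_bytes(SAMPLE_DATA, SAMPLE_NAME, sums))
    print("tampered:", verify_bytes(SAMPLE_DATA + b"x", SAMPLE_NAME, sums))
```

The order matters: a checksum file fetched from the same place as the tarball proves only that the download was not corrupted in transit, so the signature on the checksum file (or on the tarball itself) is what ties the bytes to the project.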

The OpenVPN executable should be installed on both server and client machines, since the single executable provides both client and server functions.

Linux Notes (using RPM package)

If you are using a Linux distribution which supports RPM packages (SuSE, Fedora, Redhat, etc.), it's best to install using this mechanism. The easiest method is to find an existing binary RPM file for your distribution. You can also build your own binary RPM file:

rpmbuild -tb openvpn-[version].tar.gz

Once you have the .rpm file, you can install it with the usual

rpm -ivh openvpn-[details].rpm

or upgrade an existing installation with

rpm -Uvh openvpn-[details].rpm

Installing OpenVPN from a binary RPM package has these dependencies:

  • openssl
  • lzo
  • pam

Furthermore, if you are building your own binary RPM package, there are several additional dependencies:

  • openssl-devel
  • lzo-devel
  • pam-devel

See the openvpn.spec file for additional notes on building an RPM package for Red Hat Linux 9 or building with reduced dependencies.

Linux Notes (without RPM)

If you are using Debian, Gentoo, or a non-RPM-based Linux distribution, use your distro-specific packaging mechanism such as apt-get on Debian or emerge on Gentoo.

It is also possible to install OpenVPN on Linux using the universal ./configure method. First expand the .tar.gz file:

tar xfz openvpn-[version].tar.gz

Then cd to the top-level directory and type:

./configure
make
make install

Windows Notes

OpenVPN for Windows can be installed from the self-installing exe file on the OpenVPN download page. Remember that OpenVPN will only run on Windows 2000 or later. Also note that OpenVPN must be installed and run by a user who has administrative privileges (this restriction is imposed by Windows, not OpenVPN). The restriction can be sidestepped by running OpenVPN in the background as a service, in which case even non-admin users will be able to access the VPN, once it is installed. More discussion on OpenVPN + Windows privilege issues.

OpenVPN can also be installed as a GUI on Windows, using Mathias Sundman's installation package, which will install both OpenVPN and the Windows GUI.

After you run the Windows installer, OpenVPN is ready to use and will associate itself with files having the .ovpn extension. To run OpenVPN, you can:

  • Right click on an OpenVPN configuration file (.ovpn) and select Start OpenVPN on this configuration file. Once running, you can use the F4 key to exit.

  • Run OpenVPN from a command prompt Window with a command such as:

    openvpn myconfig.ovpn

    Once running in a command prompt window, OpenVPN can be stopped by the F4 key.

  • Run OpenVPN as a service by putting one or more .ovpn configuration files in \Program Files\OpenVPN\config and starting the OpenVPN Service, which can be controlled from Start Menu -> Control Panel -> Administrative Tools -> Services.

A GUI is also available for the Windows version of OpenVPN.

Additional Windows install notes.

Mac OS X Notes

Angelo Laub and Dirk Theisen have developed an OpenVPN GUI for OS X.

See also OpenVPN Client and Mac OS X 10.3.

Other OSes

Some notes are available in the INSTALL file for specific OSes. In general, the

./configure
make
make install

method can be used, or you can search for an OpenVPN port or package which is specific to your OS/distribution.

September 14, 2007

Popular proxy software

  • The Squid cache is a popular HTTP proxy server in the UNIX/Linux world.
  • The Apache HTTP Server can be configured to act as a proxy server.
  • Private Proxy is a software product by PrivacyView Software that connects to an anonymous proxy server to mask a computer's IP address.
  • Blue Coat's (formerly Cacheflow's) purpose-built SGOS proxies 15 protocols including HTTPS/SSL, has an extensive policy engine and runs on a range of appliances from branch-office to enterprise.
  • WinGate is a multi-protocol proxy server and NAT solution that can be used to redirect any kind of traffic on a Microsoft Windows host. It also provides firewall, VPN and mail server functionality. Its WWW proxy supports integrated Windows authentication, intercepting proxy, and multi-host reverse-proxying.
  • Privoxy is a free, open source web proxy with privacy and ad-blocking features.
  • Microsoft Internet Security and Acceleration Server is a product that runs on Windows 2000/2003 servers and combines the functions of both a proxy server and a firewall.
  • IceWarp Mail Server includes web server with HTTP proxy which can be configured to screen all traffic with integrated antivirus and/or an external scanner.
  • JAP - A local proxy, web anonymizer software connecting to proxy server chains of different organisations
  • Tor - A proxy-based anonymizing Internet communication system.
  • Proxomitron - User-configurable web proxy used to re-write web pages on the fly. Most noted for blocking ads, but has many other useful features.
  • PHProxy is a Web HTTP proxy programmed in PHP to bypass firewalls and other proxy restrictions through a Web interface very similar to the popular CGIProxy.
  • The HTTP-Tunnel is a SOCKS and HTTP proxy server and client for Windows.
  • SJSWebProxy (Sun Microsystems) is a proxy server for HTTP and HTTPS (CONNECT) requests. It can also serve as a gateway for FTP and Gopher traffic. It is also free for download.
  • Nginx is a web and reverse proxy server that can also act as a POP3 proxy server.
  • SSH Secure Shell can be configured to proxify a connection, by setting up a SOCKS proxy on the client, and tunneling the traffic through the SSH connection.
  • yProxy is a NNTP proxy server that converts yEnc encoded message attachments to UUEncoding, complete with SSL client support.
  • PingFu is a proxy server and client for TCP and UDP applications.
  • WWWOFFLE has been around since the mid-1990s, and was developed for storing online data for offline use.
  • Varnish is a high-performance HTTP accelerator with some features comparable to squid.
  • Ziproxy is a non-caching proxy for acceleration purposes. It recompresses pictures and optimizes HTML code, among other features.

September 11, 2007

Advanced Installation Guide

Contributed by Valentino Vaschetto.

This section describes how to install FreeBSD in exceptional cases.

Installing FreeBSD on a System without a Monitor or Keyboard

This type of installation is called a “headless install”, because the machine that you are trying to install FreeBSD on either does not have a monitor attached to it, or does not even have a VGA output. How is this possible you ask? Using a serial console. A serial console is basically using another machine to act as the main display and keyboard for a system. To do this, just follow the steps to create installation floppies, explained in Section 2.3.7.

To modify these floppies to boot into a serial console, follow these steps:

1. Enabling the Boot Floppies to Boot into a Serial Console

If you were to boot into the floppies that you just made, FreeBSD would boot into its normal install mode. We want FreeBSD to boot into a serial console for our install. To do this, you have to mount the boot.flp floppy onto your FreeBSD system using the mount(8) command.

# mount /dev/fd0 /mnt

Now that you have the floppy mounted, you must change into the /mnt directory:

# cd /mnt

Here is where you must set the floppy to boot into a serial console. You have to make a file called boot.config containing /boot/loader -h. All this does is pass a flag to the bootloader to boot into a serial console.

# echo "/boot/loader -h" > boot.config

Now that you have your floppy configured correctly, you must unmount the floppy using the umount(8) command:

# cd /
# umount /mnt

Now you can remove the floppy from the floppy drive.

2. Connecting Your Null-modem Cable

You now need to connect a null-modem cable between the two machines. Just connect the cable to the serial ports of the two machines. A normal serial cable will not work here; you need a null-modem cable because it has some of the wires inside crossed over.

3. Booting Up for the Install

It is now time to go ahead and start the install. Put the boot.flp floppy in the floppy drive of the machine you are doing the headless install on, and power on the machine.

4. Connecting to Your Headless Machine

Now you have to connect to that machine with cu(1):

# cu -l /dev/cuad0

On FreeBSD 5.X, use /dev/cuaa0 instead of /dev/cuad0.

That's it! You should now be able to control the headless machine through your cu session. It will ask you to put in the kern1.flp, and then it will come up with a selection of what kind of terminal to use. Select the FreeBSD color console and proceed with your install!

Preparing Your Own Installation Media

Note: To prevent repetition, “FreeBSD disc” in this context means a FreeBSD CDROM or DVD that you have purchased or produced yourself.

There may be some situations in which you need to create your own FreeBSD installation media and/or source. This might be physical media, such as a tape, or a source that sysinstall can use to retrieve the files, such as a local FTP site, or an MS-DOS® partition.

For example:

· You have many machines connected to your local network, and one FreeBSD disc. You want to create a local FTP site using the contents of the FreeBSD disc, and then have your machines use this local FTP site instead of needing to connect to the Internet.

· You have a FreeBSD disc, and FreeBSD does not recognize your CD/DVD drive, but MS-DOS/Windows® does. You want to copy the FreeBSD installation files to a DOS partition on the same computer, and then install FreeBSD using those files.

· The computer you want to install on does not have a CD/DVD drive or a network card, but you can connect a “Laplink-style” serial or parallel cable to a computer that does.

· You want to create a tape that can be used to install FreeBSD.

Creating an Installation CDROM

As part of each release, the FreeBSD project makes available at least two CDROM images (“ISO images”) per supported architecture. These images can be written (“burned”) to CDs if you have a CD writer, and then used to install FreeBSD. If you have a CD writer, and bandwidth is cheap, then this is the easiest way to install FreeBSD.

1. Download the Correct ISO Images

The ISO images for each release can be downloaded from ftp://ftp.FreeBSD.org/pub/FreeBSD/ISO-IMAGES-arch/version or the closest mirror. Substitute arch and version as appropriate.

That directory will normally contain the following images:

Table 2-4. FreeBSD 5.X and 6.X ISO Image Names and Meanings

Filename / Contains

version-RELEASE-arch-bootonly.iso
    Everything you need to boot into a FreeBSD kernel and start the installation interface. The installable files have to be pulled over FTP or some other supported source.

version-RELEASE-arch-disc1.iso
    Everything you need to install FreeBSD and a “live filesystem”, which is used in conjunction with the “Repair” facility in sysinstall.

version-RELEASE-arch-disc2.iso
    FreeBSD documentation (prior to FreeBSD 6.2) and as many third-party packages as would fit on the disc.

version-RELEASE-arch-docs.iso
    FreeBSD documentation (for FreeBSD 6.2 and later).

You must download one of either the bootonly ISO image (if available), or the image of disc one. Do not download both of them, since the disc one image contains everything that the bootonly ISO image contains.

Use the bootonly ISO if Internet access is cheap for you. It will let you install FreeBSD, and you can then install third-party packages by downloading them using the ports/packages system (see Chapter 4) as necessary.

Use the image of disc one if you want to install a FreeBSD release and want a reasonable selection of third-party packages on the disc as well.

The additional disc images are useful, but not essential, especially if you have high-speed access to the Internet.

2. Write the CDs

You must then write the CD images to disc. If you will be doing this on another FreeBSD system then see Section 18.6 for more information (in particular, Section 18.6.3 and Section 18.6.4).

If you will be doing this on another platform then you will need to use whatever utilities exist to control your CD writer on that platform. The images provided are in the standard ISO format, which many CD writing applications support.

Note: If you are interested in building a customized release of FreeBSD, please see the Release Engineering Article.

Creating a Local FTP Site with a FreeBSD Disc

FreeBSD discs are laid out in the same way as the FTP site. This makes it very easy for you to create a local FTP site that can be used by other machines on your network when installing FreeBSD.

1. On the FreeBSD computer that will host the FTP site, ensure that the CDROM is in the drive, and mounted on /cdrom.

    # mount /cdrom

2. Create an account for anonymous FTP in /etc/passwd. Do this by editing /etc/passwd using vipw(8) and adding this line:

    ftp:*:99:99::0:0:FTP:/cdrom:/nonexistent

3. Ensure that the FTP service is enabled in /etc/inetd.conf.

Anyone with network connectivity to your machine can now choose a media type of FTP and type in ftp://your machine after picking “Other” in the FTP sites menu during the install.

Note: If the boot media (floppy disks, usually) for your FTP clients is not precisely the same version as that provided by the local FTP site, then sysinstall will not let you complete the installation. If the versions are not similar and you want to override this, you must go into the Options menu and change distribution name to any.

Warning: This approach is OK for a machine that is on your local network, and that is protected by your firewall. Offering up FTP services to other machines over the Internet (and not your local network) exposes your computer to the attention of crackers and other undesirables. We strongly recommend that you follow good security practices if you do this.
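The passwd line in this procedure is the part that decides how exposed the FTP host is, so here is an added example (not from the Handbook) that audits it: a small parser for the 10-field master.passwd layout (and the 7-field passwd(5) layout), plus checks that the ftp account is locked, unprivileged, homed on the read-only disc and given no login shell. The sample file is constructed, with the root and anonftp entries made up for the example; the ftp line is the one the Handbook gives.

```python
from dataclasses import dataclass


@dataclass
class PasswdEntry:
    name: str
    password: str
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str


def parse_passwd(text):
    """Parse passwd lines in either the 10-field FreeBSD master.passwd layout
    (name:pw:uid:gid:class:change:expire:gecos:home:shell) or the 7-field
    passwd(5) layout (name:pw:uid:gid:gecos:home:shell)."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        f = line.split(":")
        if len(f) == 10:
            name, pw, uid, gid, _cls, _change, _expire, gecos, home, shell = f
        elif len(f) == 7:
            name, pw, uid, gid, gecos, home, shell = f
        else:
            raise ValueError(f"malformed passwd line: {raw!r}")
        entries.append(PasswdEntry(name, pw, int(uid), int(gid), gecos, home, shell))
    return entries


# Shells that refuse interactive login; /nonexistent is what the Handbook line uses.
NON_LOGIN_SHELLS = {"/nonexistent", "/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}


def audit_ftp_account(entries, account="ftp", expected_home="/cdrom"):
    """Return a list of findings; an empty list means the anonymous-FTP account
    looks as the Handbook intends: locked password, unprivileged ids, home on
    the read-only disc, no login shell."""
    matches = [e for e in entries if e.name == account]
    if not matches:
        return [f"no '{account}' account present"]
    e = matches[0]
    findings = []
    if e.password != "*":
        findings.append(f"{account}: password field is {e.password!r}, expected '*' (locked)")
    if e.uid == 0 or e.gid == 0:
        findings.append(f"{account}: uid/gid {e.uid}/{e.gid} is privileged")
    if e.home != expected_home:
        findings.append(f"{account}: home is {e.home}, expected {expected_home}")
    if e.shell not in NON_LOGIN_SHELLS:
        findings.append(f"{account}: shell {e.shell} permits interactive login")
    return findings


def accounts_without_password(entries):
    """Names of accounts whose password field is empty (no password required)."""
    return [e.name for e in entries if e.password == ""]


# Constructed sample file: the Handbook's ftp line plus two entries invented here.
SAMPLE_PASSWD = """\
# constructed excerpt in master.passwd layout
root:*:0:0::0:0:Charlie &:/root:/bin/csh
ftp:*:99:99::0:0:FTP:/cdrom:/nonexistent
anonftp::1001:1001::0:0:Anon FTP:/home/anonftp:/bin/sh
"""

if __name__ == "__main__":
    entries = parse_passwd(SAMPLE_PASSWD)
    print("ftp:", audit_ftp_account(entries) or "ok")
    print("anonftp:", audit_ftp_account(entries, account="anonftp"))
    print("empty password fields:", accounts_without_password(entries))
```

Running the audit against the sample reports nothing for the Handbook's ftp entry and three findings for the made-up anonftp entry (empty password field, home outside /cdrom, a real shell), which is exactly the kind of entry that turns an installation convenience into a login path.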

Creating Installation Floppies

If you must install from floppy disk (which we suggest you do not do), either due to unsupported hardware or simply because you insist on doing things the hard way, you must first prepare some floppies for the installation.

At a minimum, you will need as many 1.44 MB floppies as it takes to hold all the files in the base (base distribution) directory. If you are preparing the floppies from DOS, then they must be formatted using the MS-DOS FORMAT command. If you are using Windows, use Explorer to format the disks (right-click on the A: drive, and select “Format”).

Do not trust factory pre-formatted floppies. Format them again yourself, just to be sure. Many problems reported by our users in the past have resulted from the use of improperly formatted media, which is why we are making a point of it now.

If you are creating the floppies on another FreeBSD machine, a format is still not a bad idea, though you do not need to put a DOS filesystem on each floppy. You can use the bsdlabel and newfs commands to put a UFS filesystem on them instead, as the following sequence of commands (for a 3.5" 1.44 MB floppy) illustrates:

# fdformat -f 1440 fd0.1440
# bsdlabel -w fd0.1440 floppy3
# newfs -t 2 -u 18 -l 1 -i 65536 /dev/fd0

Then you can mount and write to them like any other filesystem.

After you have formatted the floppies, you will need to copy the files to them. The distribution files are split into chunks conveniently sized so that five of them will fit on a conventional 1.44 MB floppy. Go through all your floppies, packing as many files as will fit on each one, until you have all of the distributions you want packed up in this fashion. Each distribution should go into a subdirectory on the floppy, e.g.: a:\base\base.aa, a:\base\base.ab, and so on.

Important: The base.inf file also needs to go on the first floppy of the base set since it is read by the installation program in order to figure out how many additional pieces to look for when fetching and concatenating the distribution.

Once you come to the Media screen during the install process, select Floppy and you will be prompted for the rest.

Installing from an MS-DOS® Partition

To prepare for an installation from an MS-DOS partition, copy the files from the distribution into a directory called freebsd in the root directory of the partition. For example, c:\freebsd. The directory structure of the CDROM or FTP site must be partially reproduced within this directory, so we suggest using the DOS xcopy command if you are copying it from a CD. For example, to prepare for a minimal installation of FreeBSD:

C:\> md c:\freebsd
C:\> xcopy e:\bin c:\freebsd\bin\ /s
C:\> xcopy e:\manpages c:\freebsd\manpages\ /s

Assuming that C: is where you have free space and E: is where your CDROM is mounted.

If you do not have a CDROM drive, you can download the distribution from ftp.FreeBSD.org. Each distribution is in its own directory; for example, the base distribution can be found in the 6.2/base/ directory.

For as many distributions as you wish to install from an MS-DOS partition (and have the free space for), install each one under c:\freebsd -- the BIN distribution is the only one required for a minimum installation.

Creating an Installation Tape

Installing from tape is probably the easiest method, short of an online FTP install or CDROM install. The installation program expects the files to be simply tarred onto the tape. After getting all of the distribution files you are interested in, simply tar them onto the tape:

# cd /freebsd/distdir
# tar cvf /dev/rwt0 dist1 ... dist2

When you perform the installation, you should make sure that you leave enough room in some temporary directory (which you will be allowed to choose) to accommodate the full contents of the tape you have created. Due to the non-random access nature of tapes, this method of installation requires quite a bit of temporary storage.

Note: When starting the installation, the tape must be in the drive before booting from the boot floppy. The installation probe may otherwise fail to find it.

Before Installing over a Network

There are three types of network installation available: Ethernet (a standard Ethernet controller), serial port (SLIP or PPP), or parallel port (PLIP, using a laplink cable).

For the fastest possible network installation, an Ethernet adapter is always a good choice! FreeBSD supports most common PC Ethernet cards; a table of supported cards (and their required settings) is provided in the Hardware Notes for each release of FreeBSD. If you are using one of the supported PCMCIA Ethernet cards, also be sure that it is plugged in before the laptop is powered on! FreeBSD does not, unfortunately, currently support hot insertion of PCMCIA cards during installation.

You will also need to know your IP address on the network, the netmask value for your address class, and the name of your machine. If you are installing over a PPP connection and do not have a static IP, fear not: the IP address can be dynamically assigned by your ISP. Your system administrator can tell you which values to use for your particular network setup. If you will be referring to other hosts by name rather than by IP address, you will also need a name server and possibly the address of a gateway (if you are using PPP, it is your provider's IP address) to use in talking to it. If you want to install by FTP via an HTTP proxy, you will also need the proxy's address. If you do not know the answers to all or most of these questions, then you should talk to your system administrator or ISP before trying this type of installation.

The SLIP support is rather primitive, and limited primarily to hard-wired links, such as a serial cable running between a laptop computer and another computer. The link should be hard-wired as the SLIP installation does not currently offer a dialing capability; that facility is provided with the PPP utility, which should be used in preference to SLIP whenever possible.

If you are using a modem, then PPP is almost certainly your only choice. Make sure that you have your service provider's information handy as you will need to know it fairly early in the installation process.

If you use PAP or CHAP to connect to your ISP (in other words, if you can connect to the ISP in Windows without using a script), then all you will need to do is type dial at the ppp prompt. Otherwise, you will need to know how to dial your ISP using the “AT commands” specific to your modem, as the PPP dialer provides only a very simple terminal emulator. Please refer to the user-ppp handbook and FAQ entries for further information. If you have problems, logging can be directed to the screen using the command set log local ....

If a hard-wired connection to another FreeBSD (2.0-R or later) machine is available, you might also consider installing over a “laplink” parallel port cable. The data rate over the parallel port is much higher than what is typically possible over a serial line (up to 50 kbytes/sec), thus resulting in a quicker installation.

Before Installing via NFS

The NFS installation is fairly straightforward. Simply copy the FreeBSD distribution files you want onto an NFS server and then point the NFS media selection at it.

If this server supports only “privileged port” (as is generally the default for Sun workstations), you will need to set the option NFS Secure in the Options menu before installation can proceed.

If you have a poor quality Ethernet card which suffers from very slow transfer rates, you may also wish to toggle the NFS Slow flag.

In order for NFS installation to work, the server must support subdirectory mounts. For example, if your FreeBSD 6.2 distribution directory lives at ziggy:/usr/archive/stuff/FreeBSD, then ziggy will have to allow the direct mounting of /usr/archive/stuff/FreeBSD, not just /usr or /usr/archive/stuff.

In FreeBSD's /etc/exports file, this is controlled by the -alldirs option. Other NFS servers may have different conventions. If you are getting “permission denied” messages from the server, then it is likely that you do not have this enabled properly.
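As an added illustration that is not part of the handbook text, this is what the corresponding lines in ziggy's /etc/exports could look like. The first line is the bare form that gets the installer past “permission denied”; the second is the form you would actually want on a server, restricting the export to read-only access from the installation LAN (192.168.1.0/24 here is a constructed address) and mapping remote root to nobody. Both assume /usr/archive/stuff/FreeBSD is the mount point of its own file system, which exports(5) requires for -alldirs:

```text
# /etc/exports on ziggy (constructed example, not from the FreeBSD handbook)

# Minimal: lets the installer mount /usr/archive/stuff/FreeBSD or any directory
# beneath it, but exports it read-write to every host that can reach the server.
/usr/archive/stuff/FreeBSD -alldirs

# Preferred: same subdirectory-mount behaviour, read-only, only from the
# installation network, with a remote root mapped to the unprivileged nobody user.
/usr/archive/stuff/FreeBSD -alldirs -ro -maproot=nobody -network 192.168.1.0 -mask 255.255.255.0
```

Keep only one of the two lines for a given path; after editing the file, have mountd re-read it (for example with /etc/rc.d/mountd reload) and check /var/log/messages for any line that mountd rejected, since a rejected line silently leaves the path unexported.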

September 9, 2007

Encryption Key Management

What needs to be done to effectively store the keys to your encrypted data.


· Published: Aug 22, 2007

· Updated: Aug 22, 2007

· Section: Articles :: Authentication, Access Control & Encryption

· Author: Ricky M. Magalhaes


This article is about encryption key management and will highlight what needs to be done to effectively store the keys to your encrypted data. The information here will prove useful; in many instances it is only after reading an article like this one that it becomes apparent that encryption and key management must be managed well to avoid catastrophe.

Encryption, a brief background

Man has always wanted to communicate with a trusted party in a confidential manner. In times of war the encryption used to transmit and store information was vital to winning the war. Today organizations are connected to the internet, and using the internet as a medium the organization can communicate and transact with clients, suppliers and its own employees. Keeping the transactions and the stored data confidential is a challenge, and many organizations have started to employ strong technical controls like device encryption and content (data) encryption to better secure their data and communications.

Encryption is, in essence, a way of keeping data confidential and unreadable by unauthorized users. Typically a cipher is used; the cipher can be thought of as a lock, and the key is what is used to encrypt (lock) and decrypt (unlock) the data. What was readable data, once processed, becomes unreadable without the correct cipher and, most importantly, the key.

But why is the key so important? Well let’s look at this question logically. You have a safe. In the safe you have valuables. You need a key to get into the safe. If you lose the key to the safe it will take too long to get to your valuables. In turn this will cause a denial of service, meaning you will be denied access to your valuables. Now we have a few questions to ask ourselves. Where do we keep the key? Would it be a good idea to keep the key on top of the safe? If an intruder were to get into the location where the safe is, then he would most likely search for the key then gain access to the valuables. Even keeping the key in the same room as the safe is potentially a problem, as this could result in an unauthorized person locating the key.

It is clear that keys are fundamental to opening locks; similarly encryption keys are used to decrypt encrypted data and communication. It is clear that if the keys were found and copied, destroyed or lost, you would have a problem gaining access to whatever the keys were protecting. Ever lost the keys to your car? Not a good feeling… If you have a spare set, then you can find those and use them, but you are left wondering about who found the keys and what they might do with the keys.

Types of keys

Below are some of the different types of keys, as described by NIST in the key lifecycle documentation available:

Key Management Lifecycle

  • Signing Keys
  • Transport Private Keys
  • Public Keys Used to Verify Digital Signatures
  • Static Key Agreement Private Keys
  • Static Key Agreement Public Keys
  • Secret Authentication Keys
  • Domain Parameters
  • Public Authorization Keys
  • Initialization Vectors
  • Long-term Data Encrypting Keys
  • Shared Secrets
  • Encrypted Keys
  • Seeds
  • Master Keys Used to Derive

So what is the solution?

It is very important to treat keys with the same, if not higher, regard as what the keys protect. If the encryption key protects your laptop and that key is lost, you can lose access to all the data on your laptop, which is why it is a good idea to have proper key management in place.

Key management

Good key management entails 10 simple yet necessary steps which will ensure that you will be able to gain access to your data or communications in a secure manner when you need it. Reference: NIST

Generally Should Archive

  • Signature verification key
  • Secret authentication key
  • Public authentication key
  • Long-term data encryption key
  • Key encrypting key used for key wrapping
  • Domain parameters

Should Not Archive

  • Signing key
  • Private authentication key
  • Short-term data encryption key
  • RNG key
  • Key transport public key
  • Ephemeral key agreement private keys
  • Secret authorization key
  • Private authorization key
  • Public authorization key
  • Intermediate results and key material

  1. Make a backup of your encryption keys. If the encryption keys change, ensure that the changes are also backed up. This includes the restorability of the keys that are used for your archived data. If ever you need to restore the data you will need to decrypt the data. Countless organizations fall victim to this because of poor key management.
  2. Ensure that the backups are recoverable and an effective disaster recovery plan that details the recovery of the keys from backup is in place. If historical data has been encrypted then this data should also be recovered and decrypted as part of your test.

    Note: As discussed in this article, storing the decryption keys with the encrypted data is bad practice; for this reason the keys should not be stored on the tapes that contain the encrypted archived data.
  3. Make sure that logical access control to your encryption keys is secure and limited to authorized users. Logical access to keys plays a vital role in keeping your data protected. Storing encryption keys on your local drives can lead to compromise, especially if the computer or device is only partially encrypted. Keys are typically stored out of reach in a secure location.
  4. Ensure that the keys are stored in a physically secure environment and that only authorized users can gain access to the keys. Physical access controls are of high importance, as a disruption in key availability may result in failure of the decryption process.
  5. Escrow the keys with a trusted third party. Although you may feel that this is not a necessary step, when things go wrong, I can assure you, you will wish you had escrowed the keys. Keys are typically escrowed and kept safely for many organizations without incident.
  6. Ensure that the keys are not stored logically where someone could make a duplicate or destroy the key. Logical access controls are not enough: if an unauthorized user can alter the state of the machine that the keys are stored on, remotely or physically, you will have a denial of service on your hands, with the result that the data cannot be decrypted.
  7. Ensure that you have a way of disposing of keys, locking out older, possibly compromised keys and creating new keys that will decrypt the data. This process needs to be carefully managed and its security monitored throughout; the key issue and revocation process is a common point at which an unauthorized user engineers a key compromise.
  8. Understand what data and communications have been encrypted by the keys, so that if you have to issue a new key you are able to decrypt and re-encrypt the data first if your software does not perform this function automatically.
  9. Ensure that the key is only used and issued from a secure system; this rule is often overlooked and will result in compromise. Not all computer systems are secure, and as rootkits and recording software become more pervasive, caution needs to be taken when using the decryption key. Systems like the ones found at internet kiosks and other public facilities are good examples of where more caution is needed.
  10. Ensure that the key generation process has high security and that the process has integrity.
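Several of the steps above can be exercised in code. What follows is an added example written for this page, not code from the article or from NIST: it wraps per-dataset data-encrypting keys (DEKs) under a key-encrypting key (KEK) held apart from the data, records which objects each DEK protects (step 8), exports the KEK material as a backup that is verified by an actual restore-and-decrypt drill (steps 1 and 2), and rotates the KEK by re-wrapping the DEKs and revoking the old one (step 7). The key ids (kek-2007-01, dek-payroll), the object name payroll.db and the sample record are constructed. The cipher is a SHA-256 counter-mode keystream with an HMAC-SHA256 tag, chosen only so the block runs on the Python standard library; it stands in for AES-GCM or an HSM and is not a recommendation.

```python
import hashlib
import hmac
import os

# Illustrative construction only: SHA-256 counter-mode keystream + HMAC-SHA256 tag,
# so the example runs on the standard library. A real system uses AES-GCM or an HSM.
NONCE_LEN, TAG_LEN = 16, 32


def _subkeys(key):
    """Derive separate encryption and MAC subkeys from one 32-byte key."""
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())


def _keystream(enc_key, nonce, n):
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(enc_key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def encrypt(key, plaintext):
    """Return nonce || ciphertext || tag (encrypt-then-MAC)."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key, blob):
    """Check the tag before touching the ciphertext; raise on wrong key or altered data."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key or altered data")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


class KeyStore:
    """Key-encrypting keys (KEKs) held apart from the wrapped data keys (DEKs)."""

    def __init__(self):
        self.keks = {}           # kek_id -> raw KEK bytes (never stored with the data)
        self.wrapped_deks = {}   # dek_id -> (kek_id, DEK wrapped under that KEK)
        self.revoked = set()     # KEK ids that must no longer unwrap anything
        self.data_index = {}     # dek_id -> objects encrypted under it (step 8)

    def new_kek(self, kek_id):
        self.keks[kek_id] = os.urandom(32)

    def new_dek(self, dek_id, kek_id):
        """Create a DEK, keep only its wrapped form, hand the raw DEK to the caller."""
        dek = os.urandom(32)
        self.wrapped_deks[dek_id] = (kek_id, encrypt(self.keks[kek_id], dek))
        self.data_index[dek_id] = []
        return dek

    def unwrap(self, dek_id):
        kek_id, blob = self.wrapped_deks[dek_id]
        if kek_id in self.revoked:
            raise PermissionError(f"KEK {kek_id} is revoked")
        return decrypt(self.keks[kek_id], blob)

    def rotate_kek(self, old_id, new_id):
        """Step 7: re-wrap every DEK under a fresh KEK, then lock out the old KEK.
        The data itself is untouched because only the wrapping layer changes."""
        self.new_kek(new_id)
        for dek_id, (kek_id, blob) in list(self.wrapped_deks.items()):
            if kek_id == old_id:
                dek = decrypt(self.keks[old_id], blob)
                self.wrapped_deks[dek_id] = (new_id, encrypt(self.keks[new_id], dek))
        self.revoked.add(old_id)

    def backup(self):
        """Step 1: export KEK material, to be stored apart from the data tapes."""
        return {"keks": {k: v.hex() for k, v in self.keks.items()},
                "revoked": sorted(self.revoked)}

    def verify_backup(self, backup, dek_id, sample_blob, expected_plaintext):
        """Step 2: restore into a fresh store and prove a real record decrypts.
        Returns False rather than raising so a recovery drill can report the failure."""
        restored = KeyStore()
        restored.keks = {k: bytes.fromhex(v) for k, v in backup["keks"].items()}
        restored.wrapped_deks = self.wrapped_deks     # the data side of the system
        restored.revoked = set(backup["revoked"])
        try:
            return decrypt(restored.unwrap(dek_id), sample_blob) == expected_plaintext
        except (KeyError, ValueError, PermissionError):
            return False


def demo():
    """Walk one DEK through creation, a backup drill, rotation and a stale-backup check."""
    ks = KeyStore()
    ks.new_kek("kek-2007-01")                               # constructed ids
    dek = ks.new_dek("dek-payroll", "kek-2007-01")
    record = b"constructed sample payroll record"
    blob = encrypt(dek, record)
    ks.data_index["dek-payroll"].append("payroll.db")      # step 8: know what it protects
    del dek                                                 # only the wrapped copy remains
    before = ks.backup()
    drill_before = ks.verify_backup(before, "dek-payroll", blob, record)   # True
    ks.rotate_kek("kek-2007-01", "kek-2007-02")
    stale = ks.verify_backup(before, "dek-payroll", blob, record)   # False: step 1, back up changes
    fresh = ks.verify_backup(ks.backup(), "dek-payroll", blob, record)   # True
    return {"drill_before": drill_before, "stale_backup": stale, "fresh_backup": fresh,
            "current_kek": ks.wrapped_deks["dek-payroll"][0], "revoked": sorted(ks.revoked)}
```

The point of the stale-backup check is step 1 in action: a KEK backup taken before rotation no longer restores access, and the only way to know that is to drill the restore (step 2) after every key change rather than trusting that the backup job ran.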

The above ten rules are guidelines that will aid an organization or individual in effectively managing the keys to their most confidential information. On many occasions, decryption fails because of fundamental mistakes made by the staff members who manage keys but lack the experience to make the right decisions.

Conclusion

Keeping an organization secure has many facets, and encryption key management is one of them: without careful consideration of how the keys are managed, you may find yourself or your organization in a sticky situation. This article has taken you through a brief yet useful key management journey that will aid in keeping your organization and its encrypted data available and secure.

2007@www.windowsecurity.com

September 8, 2007

What is marijuana?

Marijuana is the dried flowers, leaves and stems of the Cannabis sativa plant. The main active ingredient in marijuana is THC (delta-9-tetrahydrocannabinol). Marijuana can range from 1% THC to 8%. Hashish can be 7% to 14% THC and hash oil is up to 50% THC. THC is a fat-soluble substance and can remain in the lungs and brain tissue for up to 3 weeks. There are over 200 nicknames for marijuana, including pot, herb, mary jane and chronic.

How is marijuana used?
Marijuana is usually smoked, using a pipe, a bong or by rolling a joint. Blunts are cigars that are emptied of tobacco and refilled with marijuana, sometimes in combination with other drugs. It can also be eaten in food, for example, by baking it in brownies.

Why do people use marijuana?
Smoking marijuana can relax a person and elevate their mood. This can be followed by drowsiness and sedation. Other effects include heightened sensory awareness, euphoria, altered perceptions and feeling hungry ("the munchies"). High concentrations of THC may produce a more hallucinogenic response.

Are there short-term dangers of smoking marijuana?
Discomforts associated with smoking marijuana include dry mouth, dry eyes, increased heart rate and visible signs of intoxication such as bloodshot eyes and puffy eyelids. Other problems include:

  • Impaired memory and ability to learn
  • Difficulty thinking and problem solving
  • Anxiety attacks or feelings of paranoia
  • Impaired muscle coordination and judgment
  • Increased susceptibility to infections
  • Dangerous impairment of driving skills. Studies show that it impairs braking time, attention to traffic signals and other driving behaviors.
  • Cardiac problems for people with heart disease or high blood pressure, because marijuana increases the heart rate

It is virtually impossible to overdose from marijuana, which sets it apart from most drugs.

Are there long-term consequences to smoking marijuana?
Respiratory problems

Someone who smokes marijuana regularly can have many of the same respiratory problems as cigarette smokers. Persistent coughing, symptoms of bronchitis and more frequent chest colds are possible symptoms. There are over 400 chemicals that have been found in marijuana smoke. Benzopyrene, a known human carcinogen, is present in marijuana smoke. Regardless of the THC content, the amount of tar inhaled by marijuana smokers and the level of carbon monoxide are 3 to 5 times higher than in cigarette smoke. This is most likely due to inhaling marijuana more deeply, holding the smoke in the lungs and because marijuana smoke is unfiltered.

Memory and learning
Recent research shows that regular marijuana use compromises the ability to learn and to remember information by impairing the ability to focus, sustain, and shift attention. One study also found that long-term use reduces the ability to organize and integrate complex information.

In addition, marijuana impairs short-term memory and decreases motivation to accomplish tasks, even after the high is over. In one study, even small doses impaired the ability to recall words from a list seen 20 minutes earlier.

Fertility
Long-term marijuana use suppresses the production of hormones that help regulate the reproductive system. For men, this can cause decreased sperm counts and very heavy users can experience erectile dysfunction. Women may experience irregular periods from heavy marijuana use. These problems would most likely result in a decreased ability to conceive but not lead to complete infertility.

Is marijuana addictive?
No one would argue that marijuana is as addictive as alcohol or cocaine. However, it's wrong to say that it is not at all addictive. More and more studies are finding that marijuana has addictive properties. Both animal and human studies show physical and psychological withdrawal symptoms from marijuana, including irritability, restlessness, insomnia, nausea and intense dreams. Tolerance to marijuana also builds up rapidly. Heavy users need 8 times higher doses to get the same effects as infrequent users.

For a small percentage of people who use it, marijuana can be highly addictive. It is estimated that 10% to 14% of users will become heavily dependent. More than 120,000 people in the US seek treatment for marijuana addiction every year. Because the consequences of marijuana use can be subtle and insidious, it is more difficult to recognize signs of addiction. Cultural and societal beliefs that marijuana cannot be addictive make it less likely for people to seek help or to get support for quitting.

How do I recognize a problem with marijuana?
Some warning signs are:

  • More frequent use
  • Needing more and more to get the same effect
  • Spending time thinking about using marijuana
  • Spending more money than you have on it
  • Missing class or failing to finish assignments because of marijuana
  • Making new friends who do it and neglecting old friends who don't
  • Finding it's hard to be happy without it

Because THC is fat soluble and remains in the body for up to 3 weeks, it's important to remember that withdrawal symptoms might not be felt immediately. If you find that you can't stop using marijuana, then remember, there's help on campus.

Is marijuana illegal?
Yes, marijuana is illegal, and its possession, use, and sale carry heavy prison sentences and fines and disciplinary consequences at Brown. See the Brown University Policy on Drugs in the Student Handbook.

What about the medical use of marijuana?
Marijuana's ability to enhance appetite has led to its medical use to reduce the physical wasting caused by AIDS and to reduce nausea for chemotherapy patients. According to the Marijuana Policy Project, 11 states have laws that allow patients to use medical marijuana despite the prohibition by federal law. For more information on state and federal laws, go to the Marijuana Policy Project.

How do I help a friend who's having trouble with drugs?
If you are concerned about a friend's drug or alcohol use, this page contains information about different ways to help them.

Resources at Brown and in Providence
If you or a friend are having trouble with drugs or alcohol, or just have questions, there is help available.

from: www.brown.edu