|
Home > Archive > Anonymous Servers > February 2007 > [OmniMix] New release 1.0.0.0
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
[OmniMix] New release 1.0.0.0
|
|
| Christian Danner 2007-02-17, 7:11 pm |
| Hi all!
I'm glad to announce the release of OmniMix 1.0.0.0.
Major changes:
- Installer with integration of all necessary components.
- Changeover from PGP to GnuPG.
Then there are some important bug fixes.
Please consult the history file for further details.
You'll find the new version at
http://www.danner-net.de/om/OmniMix..._Uno_Setup.exe.
Especially after such a sweeping rewriting any comments and problems
reports most appreciated.
Many thanks to all of you who helped me build this version.
Kind regards
Christian
--
OmniMix .. protect your privacy
http://www.danner-net.de/om.htm
| |
|
|
| Noiano 2007-02-18, 7:13 am |
| Anonyma wrote:
>
> Source code...?
>
Same question 
| |
| Anonyma 2007-02-20, 1:13 pm |
| > Source code...?
And what for? Unfortunately such a safety measure simply doesn't work
with Windows. You have no standardized programming environment aboard
that allows all potential users to build binaries on their own. Even
if you yourself have scrutinized every line of the source code given
to you, bought Delphi, installed all necessary components and finally
compiled your private edition of Omnimix, which may look somehow
similar to the original, who are you to tell the world that it's o.k.?
And if some representative of an honest NGO signs an NDA and gets the
code, should they exercise the steps above for every release and in
consequence become the official issuer of this software?
That's why, apart from waiting for the bad thing happening, I only see
one way out:
AFAICS all message encryption is done by the external GPG and
Mixmaster executables with the data transferred in both directions by
file. Therefore for someone skilled in debugging there should be no
problem to watch the clear text input and encrypted output of those
(hopefully trustworthy) programs and compare the data with what's sent
to the mail host. This could even be automated with a few lines of
code written by a person unrelated to the author and then applied by
everyone interested to any version he uses.
Besides, no matter what software is available, my grandma still
handrolls her two bomb threats a year with PGP 2.6.3i whilst in the
meantime using Omnimix for her low-security everyday news
contributions and mail. She argues, that she trusts none other than
herself, but OTOH isn't able to compile any Mixminion, Mixmaster,
Reliable, JBN, Quicksilver or whatever source code on her Windows
system or to actually take the time to read all that stuff. Up to now
she's proven right.
..
| |
| Cyberiade.it Anonymous Remailer 2007-02-20, 1:13 pm |
| In article <246b8cb42d5a0feffd7b6767007985dc@deuxpi.ca>
Anonyma <anon-bounces@deuxpi.ca> wrote:
>
>
> And what for? Unfortunately such a safety measure simply doesn't work
> with Windows. You have no standardized programming environment aboard
> that allows all potential users to build binaries on their own. Even
I'm not using Windows; I'm running it under Wine on Linux.
> if you yourself have scrutinized every line of the source code given
> to you, bought Delphi, installed all necessary components and finally
> compiled your private edition of Omnimix, which may look somehow
> similar to the original, who are you to tell the world that it's o.k.?
Who says that I want to tell the world that it's ok? The source code
allows me to review the program to make sure it's not doing anything
bad, and then compile it myself to assure that the binary is from the
source code I reviewed.
> And if some representative of an honest NGO signs an NDA and gets the
> code, should they exercise the steps above for every release and in
> consequence become the official issuer of this software?
>
I'm really not sure why you are talking about NGO's and NDA's. Every
other security program releases source code. PGP, GnuPG, Mixmaster,
Mixminion, Tor, Vidalia, Truecrypt, JBN2, QS, that mixminion front
end that I can't remember the name of any more, front ends for GnuPG,
the list goes on. None of those require NDA's.
Source code for anything that provides a front end to an
anonymity/encryption/privacy program is usually a no-brainer.
> AFAICS all message encryption is done by the external GPG and
> Mixmaster executables with the data transferred in both directions by
> file. Therefore for someone skilled in debugging there should be no
> problem to watch the clear text input and encrypted output of those
> (hopefully trustworthy) programs and compare the data with what's sent
> to the mail host. This could even be automated with a few lines of
> code written by a person unrelated to the author and then applied by
> everyone interested to any version he uses.
Or like all other programs in this category, he could just release
the source code. What's to hide? Nobody else has any problem doing
just that.
> Besides, no matter what software is available, my grandma still
> handrolls her two bomb threats a year with PGP 2.6.3i whilst in the
> meantime using Omnimix for her low-security everyday news
> contributions and mail. She argues, that she trusts none other than
> herself, but OTOH isn't able to compile any Mixminion, Mixmaster,
> Reliable, JBN, Quicksilver or whatever source code on her Windows
> system or to actually take the time to read all that stuff. Up to now
> she's proven right.
While your grandma may not be able to read source code or review it,
some of us are quite capable of doing so, especially for a program
that is just a front end to other programs and so won't have millions
of lines of source.
| |
| Anonyma 2007-02-20, 7:13 pm |
| Cyberiade.it Anonymous Remailer wrote:
> Or like all other programs in this category, he could just release
> the source code. What's to hide? Nobody else has any problem doing
> just that.
This has always been an issue with OmniMix, and Christian always has
some excuse or empty promise to offer up when someone asks about it.
It's always "needs cleaned up" or "next version", but those things
never happen.
Either Christian lacks any confidence in his programming skills at all,
in which case why should anyone else trust them, or he's hiding
something. Either way it's a bad thing and reason enough to stay away
from OM if you're serious at all about privacy.
| |
| Non scrivetemi 2007-02-20, 7:13 pm |
| Anonyma wrote:
>
> And what for? Unfortunately such a safety measure simply doesn't work
> with Windows.
Hogwash. First of all, the purpose of releasing source code isn't to
allow others to build as much as it's to help reduce the chances that
buggy software is being used.
Second of all, if you want to build your own even on Windows you can
certainly do that. Yes you'll probably have to add a few things to your
installation first, but if you've ever compiled anything beyond "Hello
World" on Linux you know it has its own dependency problems.
| |
| Anonymous 2007-02-20, 7:13 pm |
| >> Or like all other programs in this category, he could just release
>
> This has always been an issue with OmniMix, and Christian always has
> some excuse or empty promise to offer up when someone asks about it.
> It's always "needs cleaned up" or "next version", but those things
> never happen.
>
> Either Christian lacks any confidence in his programming skills at all,
> in which case why should anyone else trust them, or he's hiding
> something. Either way it's a bad thing and reason enough to stay away
> from OM if you're serious at all about privacy.
>
If he's just concerned about his code looking
like something resembling spaghetti, nobody
would care about that. People just want to
view it so that we know exactly what it does.
He doesn't need to be ashamed of the quality
of the code.
| |
| Anonymous 2007-02-22, 1:13 pm |
| > Source code...?
And what for? Unfortunately such a safety measure simply doesn't work
with Windows. You have no standardized programming environment aboard
that allows all potential users to build binaries on their own. Even
if you yourself have scrutinized every line of the source code given
to you, bought Delphi, installed all necessary components and finally
compiled your private edition of Omnimix, which may look somehow
similar to the original, who are you to tell the world that it's o.k.?
And if some representative of an honest NGO signs an NDA and gets the
code, should they exercise the steps above for every release and in
consequence become the official issuer of this software?
That's why, apart from waiting for the bad thing happening, I only see
one way out:
AFAICS all message encryption is done by the external GPG and
Mixmaster executables with the data transferred in both directions by
file. Therefore for someone skilled in debugging there should be no
problem to watch the clear text input and encrypted output of those
(hopefully trustworthy) programs and compare the data with what's sent
to the mail host. This could even be automated with a few lines of
code written by a person unrelated to the author and then applied by
everyone interested to any version he uses.
Besides, no matter what software is available, my grandma still
handrolls her two bomb threats a year with PGP 2.6.3i whilst in the
meantime using Omnimix for her low-security everyday news
contributions and mail. She argues, that she trusts none other than
herself, but OTOH isn't able to compile any Mixminion, Mixmaster,
Reliable, JBN, Quicksilver or whatever source code on her Windows
system or to actually take the time to read all that stuff. Up to now
she's proven right.
| |
| Nomen Nescio 2007-02-22, 7:11 pm |
| In article <246b8cb42d5a0feffd7b6767007985dc@4096.net>
Anonymous <nobody@4096.net> wrote:
>
>
> And what for? Unfortunately such a safety measure simply doesn't work
> with Windows. You have no standardized programming environment aboard
> that allows all potential users to build binaries on their own. Even
> if you yourself have scrutinized every line of the source code given
> to you, bought Delphi, installed all necessary components and finally
> compiled your private edition of Omnimix, which may look somehow
> similar to the original, who are you to tell the world that it's o.k.?
> And if some representative of an honest NGO signs an NDA and gets the
> code, should they exercise the steps above for every release and in
> consequence become the official issuer of this software?
>
> That's why, apart from waiting for the bad thing happening, I only see
> one way out:
>
> AFAICS all message encryption is done by the external GPG and
> Mixmaster executables with the data transferred in both directions by
> file. Therefore for someone skilled in debugging there should be no
> problem to watch the clear text input and encrypted output of those
> (hopefully trustworthy) programs and compare the data with what's sent
> to the mail host. This could even be automated with a few lines of
> code written by a person unrelated to the author and then applied by
> everyone interested to any version he uses.
>
> Besides, no matter what software is available, my grandma still
> handrolls her two bomb threats a year with PGP 2.6.3i whilst in the
> meantime using Omnimix for her low-security everyday news
> contributions and mail. She argues, that she trusts none other than
> herself, but OTOH isn't able to compile any Mixminion, Mixmaster,
> Reliable, JBN, Quicksilver or whatever source code on her Windows
> system or to actually take the time to read all that stuff. Up to now
> she's proven right.
You've a very narrow view of the importance of releasing the program
source. Peer review is absolutely necessary. Suggesting that if the
source was available it wouldn't be reviewed is nothing but a smoke
screen.
You've taken three large paragraphs to rationalize away the simple
truth that the source code must be released. It strikes me that only
someone very, very, very, close to the author would present such
arguments. Fact is, no one's ever come here before saying 'hey, it's
not necessary'. Is that you Christian? I'm sorry, your post is
nothing but hot air.
Christian knew what he was getting into before he started omnimix. I
can't trust the program or the Christian until the source is released.
|
|
|
|
|