Re: PDF is blocked for printing, etc. OK for acroread (it behaves as expected), but KPDF allows me to print it, even if it is protected! Why?
On 2010-04-19 18:05:30 -0500, Gunnar Wolf wrote: The reasons not to want a document printed are quite easy to understand, but the mechanism is flawed. Given the setting you mention, you can just slap a red banner stating Confidential, do not print. If it is on a corporate setting, just state it as a policy - and if somebody fails to comply with the policy, there should be sanctions. One sometimes tries to print PDF without reading them first. This is not with a PDF viewer, more with a printing utility such as lpr, though. At least such utilities should honor the printable flag (in order to protect the *user* from doing something potentially bad), overridable by an option. -- Vincent Lefèvre vinc...@vinc17.net - Web: http://www.vinc17.net/ 100% accessible validated (X)HTML - Blog: http://www.vinc17.net/blog/ Work: CR INRIA - computer arithmetic / Arénaire project (LIP, ENS-Lyon) -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100420101626.gb22...@prunille.vinc17.org
Re: PDF is blocked for printing, etc. OK for acroread (it behaves as expected), but KPDF allows me to print it, even if it is protected! Why?
On Tuesday 20 April 2010 12:16:26 Vincent Lefevre wrote: One sometimes tries to print PDF without reading them first. This is not with a PDF viewer, more with a printing utility such as lpr, though. At least such utilities should honor the printable flag (in order to protect the *user* from doing something potentially bad), overridable by an option. In my opinion, the more safety checks there are, the more stupid the users become. Without safety they have to be awake and careful to what they are doing. Bye -- Salvo Tomaselli -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201004201237.28208.tipos...@tiscali.it
Re: PDF is blocked for printing, etc. OK for acroread (it behaves as expected), but KPDF allows me to print it, even if it is protected! Why?
Le mardi 20 avril 2010 à 12:37 +0200, Salvo Tomaselli a écrit : In my opinion, the more safety checks there are, the more stupid the users become. Without safety they have to be awake and careful to what they are doing. I’ve witnessed the exact opposite. The more stupid users are, the more intelligence you have to put in software. -- .''`. Josselin Mouette : :' : `. `' “A handshake with whitnesses is the same `- as a signed contact.” -- Jörg Schilling -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1271770643.12956.0.ca...@meh
Re: PDF is blocked for printing, etc. OK for acroread (it behaves as expected), but KPDF allows me to print it, even if it is protected! Why?
Salvo Tomaselli tipos...@tiscali.it writes: In my opinion, the more safety checks there are, the more stupid the users become. Without safety they have to be awake and careful to what they are doing. It depends on how frequent the action that you're wrapping in a safety check is. Deleting files, absolutely. I'm not a fan of the alias rm to rm -i approach. But printing documents is not as routine of an action, and printing documents that the author thinks shouldn't be printed is even rarer. I don't think that's the kind of warning that becomes mind-numbing. -- Russ Allbery (r...@debian.org) http://www.eyrie.org/~eagle/ -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87mxwyngj6@windlord.stanford.edu
Re: PDF is blocked for printing, etc. OK for acroread (it behaves as expected), but KPDF allows me to print it, even if it is protected! Why?
Le Tuesday 20 April 2010 01:33:37, Russ Allbery a écrit : Why not put both a banner on the document and set the no-print flag to force a prompt at printing time? Defense in depth is almost always a good idea. There's a configuration option in KPDF (and okular, its KDE4 version) saying obey DRM limitations (unchecked by default). You can activate it, and a tool like kiosk might help to configure the default for a corporation. Regards -- Xavier Vello -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201004202137.59067.xavier.ve...@gmail.com
PDF is blocked for printing, etc. OK for acroread (it behaves as expected), but KPDF allows me to print it, even if it is protected! Why?
Hi, I have written a PDF that I have blocked for printing, etc. Acrobat Reader won't print it, because of the restrictions defined on the PDF file's content. However, KPDF accepts printing it, and extracting content from it, etc., even if these actions are unauthorized with acroread. Is it normal? Thanks. -- Merciadri Luca See http://www.student.montefiore.ulg.ac.be/~merciadri/ I use PGP. If there is an incompatibility problem with your mail client, please contact me. Don't try to teach a pig to sing. It doesn't work, and you'll annoy the pig. signature.asc Description: OpenPGP digital signature
Re: PDF is blocked for printing, etc. OK for acroread (it behaves as expected), but KPDF allows me to print it, even if it is protected! Why?
On Mon, 19 Apr 2010 15:31:30 +0200 Merciadri Luca luca.mercia...@student.ulg.ac.be wrote: Hi, I have written a PDF that I have blocked for printing, etc. Acrobat Reader won't print it, because of the restrictions defined on the PDF file's content. However, KPDF accepts printing it, and extracting content from it, etc., even if these actions are unauthorized with acroread. Is it normal? Anti-features like locking and password protection are not supported and, if implemented, could make the free software tools appear non-free by restricting the functionality available to the user. In this case, the needs of the user outweigh the restrictive tendencies of the writer of the original format. There are no other formats in Debian (AFAICT) which try to prevent only some documents of that format from being printed. Removal or ignoring the addition of code to support such restrictions is a feature in free software IMHO. All PDF's should be printable by free software. -- Neil Williams = http://www.data-freedom.org/ http://www.linux.codehelp.co.uk/ http://e-mail.is-not-s.ms/ pgpVqlpoQwqzX.pgp Description: PGP signature
Re: PDF is blocked for printing, etc. OK for acroread (it behaves as expected), but KPDF allows me to print it, even if it is protected! Why?
Neil Williams wrote: On Mon, 19 Apr 2010 15:31:30 +0200 Merciadri Luca luca.mercia...@student.ulg.ac.be wrote: Anti-features like locking and password protection are not supported and, if implemented, could make the free software tools appear non-free by restricting the functionality available to the user. In this case, the needs of the user outweigh the restrictive tendencies of the writer of the original format. There are no other formats in Debian (AFAICT) which try to prevent only some documents of that format from being printed. Removal or ignoring the addition of code to support such restrictions is a feature in free software IMHO. All PDF's should be printable by free software. Thanks. I can understand this point of view, but, sometimes, such anti-features can be activated for safety reasons. This is the first time I have to do it, but it was necessary, at least until friday. Thanks, -- Merciadri Luca See http://www.student.montefiore.ulg.ac.be/~merciadri/ I use PGP. If there is an incompatibility problem with your mail client, please contact me. You'll always miss 100% of the shots you don't take. signature.asc Description: OpenPGP digital signature
Re: PDF is blocked for printing, etc. OK for acroread (it behaves as expected), but KPDF allows me to print it, even if it is protected! Why?
I Rattan wrote: On Mon, 19 Apr 2010, Merciadri Luca wrote: yes. Thanks. I assume that this is for the same reason as Mr. Williams pointed out. Are _all_ the free PDF viewers running under Debian in accordance with this principle? -- Merciadri Luca See http://www.student.montefiore.ulg.ac.be/~merciadri/ I use PGP. If there is an incompatibility problem with your mail client, please contact me. As soon as a man is born, he begins to die. signature.asc Description: OpenPGP digital signature
Re: PDF is blocked for printing, etc. OK for acroread (it behaves as expected), but KPDF allows me to print it, even if it is protected! Why?
Sjoerd Hardeman wrote: Pdf anti-features are fake security. Don't trust on them, never. And what do you suggest if one wants some real protection _and_ the benefits of a format like PDF? Thanks. -- Merciadri Luca See http://www.student.montefiore.ulg.ac.be/~merciadri/ I use PGP. If there is an incompatibility problem with your mail client, please contact me. A good laugh is sunshine in a house. (William Thackery) signature.asc Description: OpenPGP digital signature
Re: PDF is blocked for printing, etc. OK for acroread (it behaves as expected), but KPDF allows me to print it, even if it is protected! Why?
Twas brillig at 17:32:51 19.04.2010 UTC+02 when luca.mercia...@student.ulg.ac.be did gyre and gimble: Pdf anti-features are fake security. Don't trust on them, never. ML And what do you suggest if one wants some real protection _and_ the ML benefits of a format like PDF? Thanks. There is no real protection. -- http://fossarchy.blogspot.com/ pgpwMLyUKZ41p.pgp Description: PGP signature
Re: PDF is blocked for printing, etc. OK for acroread (it behaves as expected), but KPDF allows me to print it, even if it is protected! Why?
On 19/04/2010 17:32, Merciadri Luca wrote: Sjoerd Hardeman wrote: Pdf anti-features are fake security. Don't trust on them, never. And what do you suggest if one wants some real protection _and_ the benefits of a format like PDF? Thanks. If you have free software (ie software you have the sources and are able to recompile) and if you can get the information on the screen, then it is only a matter of programmation to be able to have it on printer. So, free software readers that forbid printing can be (more or less) easily circumvented (and the patch to do this will be done and available on internet). So why would the authors of such readers want to program this at first time. If you want to avoid printing, you need to fully control the whole chain (ie TPA, ...) AND the terminals (ie, if you can show it on screen, some classic 'print-screen-to-file' and graphical software can be used to print the document, or even camera and image post-processing). For now, the only domain where such restrictions works partially are HD-DVD (and its possible it is already broken). This is possible because it is expensive to acquire good quality video data (ie recording what is diffused by a secure HD player on screen by a camera will have no really good quality). This would not work for audio data (at least, until the decoder is not embedded into brain ;-) ) because it would be easy to reacquire good quality data from a line-out. So, what would be the use case to allow a someone to read the information but not print it ? In any case, printing it would be more or less convenient but it will always be possible if it is displayed on screen (even with Acrobat Reader) Regards, Vincent -- Vincent Danjean GPG key ID 0x9D025E87 vdanj...@debian.org GPG key fingerprint: FC95 08A6 854D DB48 4B9A 8A94 0BF7 7867 9D02 5E87 Unofficial packages: http://moais.imag.fr/membres/vincent.danjean/deb.html APT repo: deb http://perso.debian.org/~vdanjean/debian unstable main -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4bcc83d1@free.fr
Re: PDF is blocked for printing, etc. OK for acroread (it behaves as expected), but KPDF allows me to print it, even if it is protected! Why?
On Mon, Apr 19, 2010 at 10:39:03PM +0700, Mikhail Gusarov wrote: Twas brillig at 17:32:51 19.04.2010 UTC+02 when luca.mercia...@student.ulg.ac.be did gyre and gimble: Pdf anti-features are fake security. Don't trust on them, never. ML And what do you suggest if one wants some real protection _and_ the ML benefits of a format like PDF? Thanks. There is no real protection. -- http://fossarchy.blogspot.com/ This is one of the reasons why people who seek to use DRM will not allow their software to be made for Free Software Platforms. DRM is not in the best interest of the users/re-users of content. And by adding DRM, you tell the user that he/she did not buy the content but is renting it until you decide otherwise. People have proven, again and again, that they are capable of circumventing DRM, so it is not an issue of 'if' they will break DRM but when. And it only hinders legitimate user of your content, those who wish to follow these restrictions. From my recollection, KPDF has an option to 'enable' the compliance with the 'do not print' feature. But it is not enabled by default. -- | .''`. == Debian GNU/Linux == | http://kevix.myopenid.com | | : :' : The Universal OS| mysite.verizon.net/kevin.mark/ | | `. `' http://www.debian.org/ | http://counter.li.org [#238656]| |___`-Unless I ask to be CCd, assume I am subscribed _| -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100419164528.gd5...@horacrux
Re: PDF is blocked for printing, etc. OK for acroread (it behaves as expected), but KPDF allows me to print it, even if it is protected! Why?
On Mon, 2010-04-19 at 15:52 +0200, Merciadri Luca wrote: Thanks. I assume that this is for the same reason as Mr. Williams pointed out. Are _all_ the free PDF viewers running under Debian in accordance with this principle? At least Evince can be convinced to provide this feature, if you toggle /apps/evince/override_restrictions -- Cheers, Sven Arvidsson http://www.whiz.se PGP Key ID 760BDD22 signature.asc Description: This is a digitally signed message part
Re: PDF is blocked for printing, etc. OK for acroread (it behaves as expected), but KPDF allows me to print it, even if it is protected! Why?
In article 4bcc77a3.9080...@student.ulg.ac.be you wrote: And what do you suggest if one wants some real protection _and_ the benefits of a format like PDF? Thanks. It is simply not possible to publish something and protect it. The best protection in that case is reputation. Gruss Bernd -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201004191636.o3jgahjz018...@neskaya.eckenfels.net
Re: PDF is blocked for printing, etc. OK for acroread (it behaves as expected), but KPDF allows me to print it, even if it is protected! Why?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sven Arvidsson s...@whiz.se writes: On Mon, 2010-04-19 at 15:52 +0200, Merciadri Luca wrote: Thanks. I assume that this is for the same reason as Mr. Williams pointed out. Are _all_ the free PDF viewers running under Debian in accordance with this principle? At least Evince can be convinced to provide this feature, if you toggle /apps/evince/override_restrictions Thanks for pointing this out. - -- Merciadri Luca See http://www.student.montefiore.ulg.ac.be/~merciadri/ - -- Remember. If something can go wrong, it will. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Processed by Mailcrypt 3.5.8 http://mailcrypt.sourceforge.net/ iEYEARECAAYFAkvMwUgACgkQM0LLzLt8Mhy7EgCfS1LAUB1RO6r/t6/EgH0HnwQn mKAAniLfhthHQqXp2HhgIbA2JrEYNpOg =58t0 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87d3xv186v@merciadriluca-eee.workgroup
Re: PDF is blocked for printing, etc. OK for acroread (it behaves as expected), but KPDF allows me to print it, even if it is protected! Why?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sorry, my last message was actually rejected by the moderation robot (if this is a robot). Vincent Danjean vdanjean...@free.fr writes: On 19/04/2010 17:32, Merciadri Luca wrote: Sjoerd Hardeman wrote: Pdf anti-features are fake security. Don't trust on them, never. And what do you suggest if one wants some real protection _and_ the benefits of a format like PDF? Thanks. If you have free software (ie software you have the sources and are able to recompile) and if you can get the information on the screen, then it is only a matter of programmation to be able to have it on printer. So, free software readers that forbid printing can be (more or less) easily circumvented (and the patch to do this will be done and available on internet). So why would the authors of such readers want to program this at first time. If you want to avoid printing, you need to fully control the whole chain (ie TPA, ...) AND the terminals (ie, if you can show it on screen, some classic 'print-screen-to-file' and graphical software can be used to print the document, or even camera and image post-processing). For now, the only domain where such restrictions works partially are HD-DVD (and its possible it is already broken). This is possible because it is expensive to acquire good quality video data (ie recording what is diffused by a secure HD player on screen by a camera will have no really good quality). This would not work for audio data (at least, until the decoder is not embedded into brain ;-) ) because it would be easy to reacquire good quality data from a line-out. / So, what would be the use case to allow a someone to read the information but not print it ? In any case, printing it would be more or less convenient but it will always be possible if it is displayed on screen (even with Acrobat Reader) As I explained before (or in the same thread in linux.debian.user), this is more a management (i.e. human) problem than a technical problem. It sometimes happens that you want to show something but without giving the others the possibility to do what they want with what you show them. I here suppose that the `others' are quite beginners. - -- Merciadri Luca See http://www.student.montefiore.ulg.ac.be/~merciadri/ - -- If you fake it, you can't make it. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Processed by Mailcrypt 3.5.8 http://mailcrypt.sourceforge.net/ iEYEARECAAYFAkvMwggACgkQM0LLzLt8MhxBxQCfR6BBvGFPzKDpu81yTxoJfyt/ 2okAn11ouCFzaJeEReibHIyOGHGzUc71 =jOZX -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/874oj7181j@merciadriluca-eee.workgroup
Re: PDF is blocked for printing, etc. OK for acroread (it behaves as expected), but KPDF allows me to print it, even if it is protected! Why?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Bernd Eckenfels bernd...@eckenfels.net writes: In article 4bcc77a3.9080...@student.ulg.ac.be you wrote: And what do you suggest if one wants some real protection _and_ the benefits of a format like PDF? Thanks. It is simply not possible to publish something and protect it. The best protection in that case is reputation. Well said. But if the examinator does not know you very well, it might be difficult. And this is the case, actually. - -- Merciadri Luca See http://www.student.montefiore.ulg.ac.be/~merciadri/ - -- If you don't buy a ticket, you can't win the raffle. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Processed by Mailcrypt 3.5.8 http://mailcrypt.sourceforge.net/ iEYEARECAAYFAkvMwXMACgkQM0LLzLt8MhxCKwCdGNMnXbC+O/eRXL/3ellm4kla UTwAn3d0Rjx6JbFSCWaY5HBD+IJTfBGC =AgPi -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/878w8j185n@merciadriluca-eee.workgroup
Re: PDF is blocked for printing, etc. OK for acroread (it behaves as expected), but KPDF allows me to print it, even if it is protected! Why?
Mikhail Gusarov dotted...@dottedmag.net writes: Twas brillig at 17:32:51 19.04.2010 UTC+02 when luca.mercia...@student.ulg.ac.be did gyre and gimble: Pdf anti-features are fake security. Don't trust on them, never. ML And what do you suggest if one wants some real protection _and_ the ML benefits of a format like PDF? Thanks. There is no real protection. I think people are not understanding why users use this feature in some environments. Yes, sometimes it's a misguided attempt at DRM, but I've more often seen it inside a workplace as defense in depth against *mistakes*. One might, for instance, mark a document as not printable because it contains social security numbers and salary information and it's corporate policy not to create hard copies of the document beause of the risk of exposure of personal information that might put the company at legal risk. That's not to say that Debian PDF viewers should support this the way that Acrobat does, but for that use case, the desired UI is probably something like a dialog box that pops up and says that the document author has marked this PDF as not printable and asking the user if they're sure they want to override. For this use case, such a warning would probably serve the same purpose. (It may well be that some PDF viewers in Debian already implement such a dialog.) -- Russ Allbery (r...@debian.org) http://www.eyrie.org/~eagle/ -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87d3xvb0wi@windlord.stanford.edu
Re: PDF is blocked for printing, etc. OK for acroread (it behaves as expected), but KPDF allows me to print it, even if it is protected! Why?
Merciadri Luca dijo [Mon, Apr 19, 2010 at 05:32:51PM +0200]: Pdf anti-features are fake security. Don't trust on them, never. And what do you suggest if one wants some real protection _and_ the benefits of a format like PDF? Thanks. Thing is, PDF is a printing-oriented format. It is a close descendent of PostScript, a full-fledged programming language, but geared towards printers. The main point that makes PDF a more convenient format is that Acrobat made a big campaign to distribute its PDF reader program. As you quote, others have told you the PDF-provided security is fake. It is just a flag flipped to tell the reader program to pretty please make life miserable for the user. What do you want to achieve with this _real_ protection you say? Whatever can be displayed on screen can be captured (i.e. with the common PrtScr keybinding in many environments). If you want to distribute material and make it hellish to your users to print it, copy from it or use it in any useful way, why don't you send the document as a .jpg file? Greetings, -- Gunnar Wolf • gw...@gwolf.org • (+52-55)5623-0154 / 1451-2244 -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100419225344.gf29...@gwolf.org
Re: PDF is blocked for printing, etc. OK for acroread (it behaves as expected), but KPDF allows me to print it, even if it is protected! Why?
Russ Allbery dijo [Mon, Apr 19, 2010 at 02:14:21PM -0700]: I think people are not understanding why users use this feature in some environments. Yes, sometimes it's a misguided attempt at DRM, but I've more often seen it inside a workplace as defense in depth against *mistakes*. One might, for instance, mark a document as not printable because it contains social security numbers and salary information and it's corporate policy not to create hard copies of the document beause of the risk of exposure of personal information that might put the company at legal risk. That's not to say that Debian PDF viewers should support this the way that Acrobat does, but for that use case, the desired UI is probably something like a dialog box that pops up and says that the document author has marked this PDF as not printable and asking the user if they're sure they want to override. For this use case, such a warning would probably serve the same purpose. The reasons not to want a document printed are quite easy to understand, but the mechanism is flawed. Given the setting you mention, you can just slap a red banner stating Confidential, do not print. If it is on a corporate setting, just state it as a policy - and if somebody fails to comply with the policy, there should be sanctions. Of course, somebody interested in printing the file will do it. Either by his own means or, like my users, by mailing the techie the document asking him to unprotect it. Or by sticking it on a USB key and taking it off-site to a location they can freely tinker with. As I said on my previous mail: If you don't want it to be printed, distribute in a way that makes it hard to be useful when printed. Don't you trust somebody with social security numbers and salary information? Don't give it to them. -- Gunnar Wolf • gw...@gwolf.org • (+52-55)5623-0154 / 1451-2244 -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100419230530.gg29...@gwolf.org
Re: PDF is blocked for printing, etc. OK for acroread (it behaves as expected), but KPDF allows me to print it, even if it is protected! Why?
Gunnar Wolf gw...@gwolf.org writes: Russ Allbery dijo [Mon, Apr 19, 2010 at 02:14:21PM -0700]: I think people are not understanding why users use this feature in some environments. Yes, sometimes it's a misguided attempt at DRM, but I've more often seen it inside a workplace as defense in depth against *mistakes*. One might, for instance, mark a document as not printable because it contains social security numbers and salary information and it's corporate policy not to create hard copies of the document beause of the risk of exposure of personal information that might put the company at legal risk. That's not to say that Debian PDF viewers should support this the way that Acrobat does, but for that use case, the desired UI is probably something like a dialog box that pops up and says that the document author has marked this PDF as not printable and asking the user if they're sure they want to override. For this use case, such a warning would probably serve the same purpose. The reasons not to want a document printed are quite easy to understand, but the mechanism is flawed. Why? Given the setting you mention, you can just slap a red banner stating Confidential, do not print. If it is on a corporate setting, just state it as a policy - and if somebody fails to comply with the policy, there should be sanctions. An ounce of prevention is worth a pound of cure. Finding ways to punish employees for doing something stupid isn't nearly as interesting as finding ways to use software to warn people against doing something stupid in the first place. We all do something stupid without thinking about it occasionally. If that thing has serious consequences, having multiple levels of protection to ensure that we really want to do what we're doing is useful and helpful. Why not put both a banner on the document *and* set the no-print flag to force a prompt at printing time? Defense in depth is almost always a good idea. Of course, somebody interested in printing the file will do it. Either by his own means or, like my users, by mailing the techie the document asking him to unprotect it. Or by sticking it on a USB key and taking it off-site to a location they can freely tinker with. Yes, as I said explicitly, that's not the point. As I said on my previous mail: If you don't want it to be printed, distribute in a way that makes it hard to be useful when printed. Don't you trust somebody with social security numbers and salary information? Don't give it to them. It's not a matter of trust. It's a matter of using technology to help protect against mistakes. Do you configure your Git repositories to deny non-fastforward pushes? That's just an artificial fake security measure to prevent an action that someone can take in many other ways. It won't stop anyone determined do a non-fastforward push. And yet almost all of us who run shared repositories use that setting and like it, because it prevents us from doing things that we didn't intend to do. The solution to that problem isn't to prevent anyone who one can't trust to only do fast-forward pushes from doing git push at all. It's to apply a simple technological measure that makes sure that people doing something dangerous confirm that they know what they're doing. Hopefully the similarity is obvious. -- Russ Allbery (r...@debian.org) http://www.eyrie.org/~eagle/ -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/878w8j9fvy@windlord.stanford.edu
Re: PDF is blocked for printing, etc. OK for acroread (it behaves as expected), but KPDF allows me to print it, even if it is protected! Why?
Merciadri Luca luca.mercia...@student.ulg.ac.be wrote: Sjoerd Hardeman wrote: Pdf anti-features are fake security. Don't trust on them, never. And what do you suggest if one wants some real protection _and_ the benefits of a format like PDF? Thanks. The PDF specification itself recommends using external encryption in this case. From section 7.6.1 of the PDF specification: NOTE: Conforming writers have two choices if the encryption methods and syntax provided by PDF are not sufficient for their needs: they can provide an alternate security handler or they can encrypt whole PDF documents themselves, not making use of PDF security. It is very easy to defeat PDF security in any file that has a blank user password since it is just up to the application to enforce security. I've written a detailed explanation of this which I can dig up and send you if you're interested. -- Jay Berkenbilt q...@debian.org -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100419204257.0890259570.qww314...@soup
Re: PDF is blocked for printing, etc. OK for acroread (it behaves as expected), but KPDF allows me to print it, even if it is protected! Why?
Zitat von Jay Berkenbilt q...@debian.org: Merciadri Luca luca.mercia...@student.ulg.ac.be wrote: Sjoerd Hardeman wrote: Pdf anti-features are fake security. Don't trust on them, never. And what do you suggest if one wants some real protection _and_ the benefits of a format like PDF? Thanks. The PDF specification itself recommends using external encryption in this case. From section 7.6.1 of the PDF specification: NOTE: Conforming writers have two choices if the encryption methods and syntax provided by PDF are not sufficient for their needs: they can provide an alternate security handler or they can encrypt whole PDF documents themselves, not making use of PDF security. It is very easy to defeat PDF security in any file that has a blank user password since it is just up to the application to enforce security. I've written a detailed explanation of this which I can dig up and send you if you're interested. How could encryption make it possible to view it but prevent printing it? HS -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100420073908.6mqfjhea88k80...@v1539.ncsrv.de