[Zeitgeist] [Bug 787868] Re: Encryption of database

2011-05-25 Thread Jacob Appelbaum
I guess the source to lsof probably contains the most "cross platform" collection of ways to fetch a process name/path. -- You received this bug notification because you are a member of Zeitgeist Framework Team, which is subscribed to Zeitgeist Framework. https://bugs.launchpad.net/bugs/787868 T

[Zeitgeist] [Bug 787868] Re: Encryption of database

2011-05-25 Thread Siegfried Gevatter
I don't see the point, applications can still get a copy of the database querying for it over D-Bus. If you're worried about what's on the disk, full home directory encryption is the most logical choice (or moving ~/.local/share/zeitgeist into ~/Private).

[Zeitgeist] [Bug 579489] Re: add support for mpd

2011-05-25 Thread Bidossessi Sodonon
The plugin here is really a daemon that polls mpd and writes new entries to zeitgeist. It's convenient for me because I don't use any graphical client but mpc or Synapse, through a plugin I wrote that's currently under review. I add it to my autosatrt.sh openbox script, and it works great. I have

[Zeitgeist] [Bug 787868] Re: Encryption of database

2011-05-25 Thread Siegfried Gevatter
> An easy way to create the API would be to prevent client connections to Zeitgeist from programs not installed on a system wide basis. Any program running from a temp file system or from the user's home directory is likely to be customized and prompting the user for input seems reasonable.

[Zeitgeist] [Bug 787868] Re: Encryption of database

2011-05-25 Thread Markus Korn
I'm with Siegfried when it comes to adding an extra encryption layer on top of the db, basically I fail to understand why putting the db in an encrypted filesystem is not good enough. But what I find interesting is the idea of limiting the ability to access the activity log to system-wide installed c

[Zeitgeist] [Bug 787868] Re: Encryption of database

2011-05-25 Thread Jacob Appelbaum
Full disk encryption is not a dependency for Zeitgeist; it's not reasonable to punt on security simply because someone might run their computer in a safe, without a network and without any attackers... :-)

[Zeitgeist] [Bug 787868] Re: Encryption of database

2011-05-25 Thread Jacob Appelbaum
Limiting the access can be done by inspecting the proc entry for /proc/$PID/exe and only if you own the process is it possible for you to dereference the symlink. Here's some code that shows why parsing /proc/$PID/cmdline isn't a good idea: https://github.com/ioerror/chameleon If we assume that a

[Zeitgeist] [Bug 787868] Re: Encryption of database

2011-05-25 Thread Jacob Appelbaum
Every new Ubuntu user is being tracked by Zeitgeist and if they lose their desktop computer/laptop, they're going to reveal a lot of data that they might never have known was being collected. At least with db encryption the person with the laptop has to mount some kind of attack before they get the

[Zeitgeist] [Bug 787868] Re: Encryption of database

2011-05-25 Thread Jacob Appelbaum
After discussing with Seif, I realized that there's a major issue that seems to be unspoken. Zeitgeist is meant to be a cross-platform "myware" program - it helps you to use your computer. There's a problem with the implementation though - some platforms are not really privacy protecting or user fri

[Zeitgeist] [Bug 787868] Re: Encryption of database

2011-05-25 Thread Seif Lotfy
I agree 100% with Jacob that we need to work on these security issues. While some people might find it paranoid, we should try to minimize our attack surface. AFAIK http://sqlcipher.net/ is cross-platform; the only thing we will need to do is package it for Ubuntu. It offers protections on platform

[Zeitgeist] [Bug 787868] Re: Encryption of database

2011-05-25 Thread Jacob Appelbaum
I think that the default keying for sqlcipher is sorta weak - so I'd probably suggest using a raw key rather than their password function. Their password function is pretty weak...