TrueCrypt forum down for over a day..so far

I know there are a few people joining us from the official TrueCrypt forum because of various issues, be it Admins who refuse to activate an account of a long time user who is having an email issue, increasing restrictions on what we can't say there, or just people who actually want to have the ability to send a private message to another user of the forum.

As useful as that forum is for TC helping, its becoming more and more hostile to its users, IMHO.

Anyways, enough of the ranting. Any idea why the forums been down? Last time I seen it down this long, there was a major update, but I don't think this is the same.

 

I am also baffled and a bit surprised by the occasional long "outages" that seem to hit the TrueCrypt forums. The reasons given never provide any significant details, and I have never seen a proper explanation afterwards. My personal opinion is that the developers merely choose to shut down the forums whenever they get too busy or when personal issues intervene. I guess we just have to live with it.

 

Yea, it is kind of crazy.

I sent a PM to the Admins at first expressing my frustration with the new rules, and especially the PM lock down, and in response to their response (which was we had to do it because its being abused.. ) in which I suggested that if the forum is such a burden, have it hosted by someone else.

I actually suggested Wilder's. I don't know whats involved, but since one of the elements they were complaining about was cost, I'm assuming having Wilder do it would be cheaper from the standpoint that here already has the infrastructure, a larger pre-existing user base (Which could increase TC usage/knowledge) and is already topical, as it is a security forum. They won't have the "fine grain" of control that they currently enjoy, but I think it might provided a good balance of their needs and user wants.

I don't know if you've noticed, but since the rules were reaffirmed, the number of violations seems to be increasing. IE more and more people are asking for the modded 4.3a code (even if they have started with v6.0 which makes no sense). And I'm still lost in the difference between mentioning and "promoting" an alternative encryption software/hardware scheme. I am thinking its ok to say "I do use ____" but saying "____ would be the better choice" is promoting. Of course I'm not sure.

 

I have been going to the forum for around 4 years now. I think some of the outages are intended. No conspiracy theories. I think it is all the loud mouths and nitwits who have signed up in the past year who have engaged in a lot of slamming if ICE, and offering infantile suggestion on how to engage in "goon baiting" the feds and sabotage efforts to examine systems using Truecrpyt. I can imagine TrueCrypt been subpoenaed already for logs to get the IP numbers of the those shooting their mouths off about this. Very stupid thing to do for anyone who wants to remain below the radar; calling attention to themselves like that. I would think more than a few of these clowns have been identified by the powers that be and it is the last thing TrueCrypt needs to deal with. The forums are not suppose to be turned into a childish blog for those with that mindset.

 

Hi

I am also fed up with the Truecrypt Forum rules and regular down time. Losing JT’s valuable input because of a silly e-mail problem is just stupid.

I also had to post a bug (serious, not being able to make header backups when using keyfiles) here on this forum because I found it so hard to post on the Truecrypt one.

If anyone can be bothered to set up a “rebel” Truecrypt forum there is free forum hosting here.

I love Truecrypt but bug reporting should be more public and open. There is no security by obscurity !

 

More than a few times I've considered setting up a rebel board. And just to offer a counterpoint, while I agree that bug reports should be more open/public, I can also understand if there is a security issue that is in the better interests of not being publicly disclosed, at least until after the fix is implemented.

That keyfile bug is definitely worthy of an immediate fix (a "b" release) but I think it was reported even before the "a" and wasn't fixed. It still exists doesn't it?

I've just seen too much ruffled feathers from 6.0, which is why I've not left 5.1a yet. I don't need the hidden OS, and while I'd love the internal header backup, the one container that I'd want it on is not one I can just recreate overnight. (300GB drive w/full partition encryption.) I'm kind of waiting for the "all clear" from users as to when the "hiccups" have been worked out. Or at least 6.1.

 

Hi KookyMan

I understand you hesitancy with Truecrypt V6.

What scares me is Truecrypt has had quite a few bugs over the years with a very slow fix rate. If they are making those kind of errors with things humble users can find what is going on with the cryptography !!

There are so few people in the world who can really check this sort of thing I would have thought they should have tried to hold onto JT on that forum as he knows his crypto !

Oh and yes, that keyfile backup bug is still there.

 

I also don't see any need to upgrade to v6.x
The hidden OS is not as straight forward as a hidden volume and thus requires full understanding of TrueCrypt to get it right. New features that benifit a tiny fraction of users but add complexity for all? I don't get it.
Then there is the forum thing. Micro-management of forum content is turning everyone off. I could be wrong but this latest shutdown looks more like a temper tantrum than anything else.
I second the motion to launch an alternate TC forum.

 

I joined the TC movement at 5.0. I downloaded 4.3a about a month before 5.0 came out, but I waited until 5.0 before I actually started learning and using it, so bugs before then.

I'm not sure what other big/stupid mistakes have been made before then, but 5.0 didn't seem to have many serious bugs that were directly TC's fault. (That I remember, and I'll admit, I suffer from "CRS". (Can't Remember S@!%). The biggest stupid mistake however is v6's header backup when using keyfile bug. How does that not get caught in QA/Basic testing?? Most of v5.0's bugs were based on the bootloader's size and location.

With regards to the Hidden OS as added complexity. Absolutely. I'll admit it, I looked at 6.0 and that was my initial reason for not even touching it. Most people don't even understand what a hidden volume is, let alone what makes it hidden. (For proof, look at the number of people who encrypt hundreds of GB of drive space, then put in a hidden container, but leave just a couple GB for the outer container.) Or the people who come up and say "How do I make a hidden container without another one?" A complete lack of any understanding.

TC is great, and I do love how it tries to bring encryption to the masses, which is a good thing, but, it isn't for everyone, and you at least need a fundimental understanding how the program works. There is someone in another forum area here on Wilders that thinks if you install TC, you've just "passworded" everything and is wondering why he's not being prompted for a password. (He did an extraction, direct to USB stick. People tried helping, but we're shifting into a RTFM because he has no idea how the program works. Someone even gave him a tutorial but isn't reading that.)

 

KookyMan, TrueCrypt isn't just another program. To use it in a proper way I had to read the user guide at least 2 times. And I also read hundreds of threads and articles about it. I'm not a computer expert but people can learn. I certainly learned how TrueCrypt works. I understand everything user needs to understand. About the hidden OS, decoy, where actually hidden OS is stored. How to use all the benefits that TC is offering.

So, it's not TrueCrypt's fault that some people do not underatand. First thing everybody needs to know is that you have to read hundreds of pages about it before start to use it. Otherwise, it's pointless.

There were some serious annoying bugs before as well. Between 5.0a and 5.1 mounted volumes were not listed in TC window. You couldn't dissmount them 1 by 1. Very annoying indeed. It took them around 1 month to fix it. I hope they will release 6.1 soon. A few years before I started to use it there was some serious bug in TrueCrypt. But since I am using it (1 year now) there weren't any major bugs. Bugs which would cause TC volumes to get corrupted or something.

Forum has been offline for several days in the past. That often means a new version is coming up.

About JustinT, it's very possible that they actually banned him. Maybe they didn't like what he said there (it's just an assumption, maybe I am wrong, but it's a possibility).

 

Yea, wasn't the forums down for months between 4.3a and 5.0. From Mid-November 07 till Feb 08. In talking to the admin before it went down, I know they were hinting at "costs" of maintaining the forum, and I believe they are referring to a monitary sense. I gave a couple of suggestions to them in an effort to help with that, from having someone else host the forum (ie: transfer it here to Wilders, like ESET or Acronis have set up) to pruning the forum to recover disk space.

I had just considered actually that if they did do some significant pruning (there are still messages from 2004, and I know that all that is out of date really for the current version of TC), not only would they recover significant amounts of drive space, they would actually reduce their bandwidth as well. How? By pruning back to say 2007 forwards, it would reduce the amount of database to search (making searches faster) and reduce the results count giving less data to be transferred in result bodies.

Oh well, no point in trying to guess what is going on with the forums, we'll will not know until they are back online.

 

Oh, do tell me more !!!!

 

I think he's referring to the fact that they introduced some new rules, and rewrote others.

As of the shutdown, here is the current forum rule list. It was 8 rules, now its 15:

IMHO, #1, 2, 5, 6, 7, 10, 11 all make perfect sense for any forum. They are general good etiquette rules.

#3 is a very fine line, as sometimes the admin considers even mentioning it promoting it. #4 while at first glance seems obviously good, consider the wording. Basically you can't say anything negative about anyone/thing. I guess this harkens back to the good ol' rule, "If you have nothing nice to say, don't say anything at all," but sometimes there are legitimate reasons to say negative things about an entity. #8 I can understand, except that its a rule that's been broken for awhile. See the persistence of the 4.3a "modified" code to get around damage caused by Acronis TI. #9 also makes some sense.. This is definitely one of the new rules.

#12. This as well as is a new rule. There are a lot of EU TrueCrypt users, and a significant number of requests were starting to come in, in German. There were also some German speakers answering questions. This felt like it was a face slap to the non-english users, and a attitude of "I don't know what your saying so shut up." While having German language was a bit of irritant to me, I still appreciated that they were just looking for help. A number of them would actually dual post, one in their native language, and a second in English (in the same posting) in an attempt to get help from everyone, yet the native language would allow those who speak it to see directly as opposed to seeing a translated (and sometimes flawed) version.

#13 is just the traditional, "I'm the boss and I'll do what I like" attitude, and possibly where the thought of a temper tantrum came into play.

#14. This would be so much easier if reasoning was given for post delitions. Here, if a post is deleted, there is a reason given. Often times its just edited, or replaced. On the TC Forums, posts go missing as if they've never happened. Often without warning or communication to the poster. I know I've had messages disappear so I reposted them, just to have them vanish again.

And the latest rule.. Which isn't on the list (that I know of) but is being enforced is No Private Messages. The only person that you can PM now is the Admin. I actually raised this issue in a PM prior to the disabling of the board. I pointed out that with all the rules now on the board, we no longer have a way to ask people to converse with us elsewhere. If a topic moves into an area that is not permitted on the forum (gets major offtopic or whatever) we no longer have the option to take it private (PMs) or even to email without posting our email to the main forum. Its gone very anti-user. (As if it wasn't before.)

 

Hi KookyMan

Wow, thank you for taking the time to write and post that full explanation !

I see why people are getting fed up with the TC Forum. They seem to have gone completely paranoid and controlling.

Why can’t people PM each other there ? What could possibly be wrong with PM’ing ?

I wish you would reconsidered starting your own rebel TC forum !!

 

To quote an Admin, PM's were being "abused." Didn't give any more or less just that. Either by copious quantities, or messages being in violation the rules, and shy of giving up that they are reading everyone's PM's, they just disabled em.

 

Hi I'm also annoyed by the forum downtime! I'm relatively inexperienced with TC and have found many forum threads relating to the WDE features essential. The online manual is definitely not enough to get a comfortable grasp of the ins and outs of using WDE practically, especially if one wants to try various more complex setups (dual boot with encrypted linux and TC-encrypted windows for example).

It would be very valuable if, once the forums are up again, a selection of the more informative threads and tutorials posted pertaining to WDE could be crossposted somewhere else online. So that they can still be read during upcoming forum downtimes. Maybe as a moderated wiki as a complement to the the official manual?

 

The whole point of a wiki is its not moderated. Sure you can protect them, but the whole concept behind them is to be freely editable.

We'll see what happens.. its just a waiting game again to see what changes when it comes back online.

 

Thoughts.

As noted in this past thread, I reached a dead end, as far as logging in is concerned. I've neither resolved this issue, nor have I received any administrative response on how to go about it. It may be purely technical; regardless, I won't speculate.

I am critical of TrueCrypt. My conclusion is that it's probably good cryptographic software, which isn't something that can be said of most cryptographic software. However, some of the design decisions behind it aren't optimal or characteristic of what I would constitute good cryptographic engineering. While it's reasonably designed from many angles, I'm inclined to believe that there's no cryptographer behind the scenes. I could be wrong, and I hope I am.

I'm critical, not because I'm against TrueCrypt, but because I care about its evolution. I care because, one, it will influence the non-cryptography-using crowd to join the cryptography-using crowd, and, two, it will influence the birth of new cryptographic software. It's important that TrueCrypt sets a good example; it's in this regard that I think it could do much better. While backwards compatibility will always force the retaining of past features, there's a lot that could be weeded out.

While I may rain on its zealot-boy parade from time to time, I hope it succeeds. Continuously questioning security leads to better security; defensively praising it jeopardizes it.

 

Looks like some stuff about TrueCrypt has been put on http://www.wikihow.com

How to Use Truecrypt in Clever Ways
How to Hide Tc Bootloader
How to Mount Tc Volumes at Login Before Other Programs Start
How to Remove the Texts "True Crypt" from Boot Loader
How to Make a 'Virtual PC' on Your USB Device
How to Browse Sites Secretly Using Firefox

 

Re: Thoughts.

Like I said…

 

I'm also very disappointed in the was the TC forum evolved
aspecial the roule 9 that bans racoons TCTemp & TCGina tools is more than bad!

I would also like to support the idea of a rebel forum.

 

Aren't racoon's exempt because they do use TrueCrypt?

I thought it was targeting things like TCExplorer, which doesn't use TrueCrypt, its just based on its code. I thought TCGina and TCExplorer use the released TC and just add features like a front end.

 

There was a leter roule change that introduced: "Any third-party software that creates, mounts, encrypts or decrypts TrueCrypt volumes, or their portions, even if it uses TrueCrypt (for reasons, see the above item and this real example) except small batch scripts."
And a few days (weeks) bevoure the forum went offline this 2 tools from racoon ware removed from the board.

 

Wow.

They really are becoming real a@@$%!#s over there aren't they?

I just talked to Raccoon too asking if he had any info on the installer changes I discovered.

I wonder if they are attempting to "prune" the board of all the "Against the rule" talks. I know that just before it went down, almost 3/4 of all the conversations were against one rule or another.

----

BTW, I guess we're up to two weeks now.

 

If I just go there and just say somthing innocuous that way I wont get BANNED and just waitout these draconian rules or better yet not say anything at all and just read.