MITM attack (torrent poisoning)on Linux Mint torrents? and other dark thoughts

[Johnny B Good]

I'm currently, and for the past four weeks now, struggling with a major
hardware upgrade so major that I'm unable to carry on using Windows 2000
SP4 due to lack of driver support and thus forced to seriously consider
alternatives that *aren't* winXP, Vista, win7 *or* any of the win8
flavours nor any of its successors.

IOW, I've been looking at *nix desktop distros, Linux based, in
particular the Ubuntu flavours of Debian, specifically Linux Mint (LM)
variations, starting with LM 17.1 KDE. I'm currently managing, for the
moment at least, with LM 17.1 Xfce until I can find a less annoying
version of *any* flavour of Linux to settle upon. The following, which is
a copy and paste from a reply I made in the recent "OT: Computer running
slow" thread in utd-tv pretty well spells it all out. Please keep in mind
that the torrent client is Transmission running as a service on my
NAS4Free box. I won't impose such a duty on *any* desktop PC regardless
of the installed OS, hence my supposition of 'torrent poisoning' rather
than some clever malware being present on the host.

STARTQUOTE:
_________________________________________________________________________

I've picked this post up after what I can only describe as "A Lost
Weekend" trying to overcome some really weird installer failures in three
of the other flavours of Linux Mint (LM 17.1 Xfce-64bit and the two 64 bit
LMDE-2 editions). In each case, they booted into a Live CD session ok but
when it came to running the installers, they *all* fatally failed about
two thirds of the way into the initial file copying process after
specifying the user credentials with an IO error suggesting either
corrupted install media or faulty hard disk.

The possibility of a *random* corruption in the downloaded iso images
generating identical failure symptoms just seemed *so* unlikely, it made
me concentrate (erroneously as it happened)[1] on some sort of SSD
interface incompatibility issue to the point where I even tried running
the install with the original MoBo setup on the workbench as an 'Al
Fresco' system. It made no difference and I got the same result when I
tried an older 30GB Kingston SSD. At this point, I even considered testing
the installation process with an old 320GB IDE drive but stopped just
short of going to that extreme - it didn't *really* seem too likely that I
was seeing an SSD issue after all my years of problem free experience with
SSDs during the many and varied OS installations I'd run.

After two whole days of trying to install a slightly different version
of LM (a process that can normally be done and dusted in a little over 30
minutes plus another 30 to re-install 3 or 4 apps), I was in total
despair, with my head in my hands, by yesterday evening.

Every so often, in between failed attempts, I would re-run the
installation of LM 17.1 KDE from the 2GB thumb drive just to re-assure
myself that *this* particular version would still work as advertised and
return the PC back to normal.

By now, re-running this install as a 'sanity check' yet again seemed a
rather pointless exercise when the whole plan was to get away from a
defective version of Linux (parsing the folders on the NAS box could take
half a minute or more rather than the fraction of a second that win2k took
which rather hinted at some level of 'borkedness' in this particular
version[2]).

The lack of sleep and mental strain saw me take to my bed for a couple
of hours of much needed respite. However, it wasn't until several more
hours of pondering the problem that I finally considered the possibility
that the torrent downloads may well have fallen victim to some sort of
MITM diddling or a form of "Torrent Poisoning" (remember,
*THREE_DIFFERENT* versions *all* showing the same behaviour - Live CD boot
up ok but the same fatal failure during the installation process!!!).

When I *did* finally do what I used to do as a matter of routine,
compare the MD5 checksums against the distro's published ones, I
discovered that the first of the three alternatives (LM17.1Xfce) did
indeed show a mismatch with the torrent downloaded iso image but a match
to the direct download from the UK mirror which had just finished
downloading by then.

Curiously, the other two didn't show such MD5 checksum mismatches,
perhaps the torrent poisoning technique used on these had been just that
little bit more sophisticated - who knows? In any case, it was enough for
me to re-create a fresh LM 17.1 Xfce bootable thumb drive using Unetbootin
on the resurrected win2k 'al fresco' system which proved ok by completing
the installation onto this box without incident.

I have to say, I'm not at all impressed with LM Rebecca Xfce, It's
desktop seems to be *all* look and *no* functionality and, if anything, is
even more useless than its braindead KDE cousin. However, the issue of
extremely slow parsing of the directories on the NAS box was eliminated
(just two or three seconds for a heavily populated directory versus 20 or
30 seconds with the KDE version[2])

[1] - not helped by some boot sector shit on one of the hard drives
causing the new MoBo's wonder UEFI bios to go into an endless loop causing
the POST to hang until the data cable was disconnected from said drive for
a second or so - go figure! It certainly had no effect whatsoever on the
previous, non-UEFI, MoBo

[2] Accessing directories on remote shares (notably the NAS on the GBit
lan) was painfully slow - half a minute in the case of a heavily populated
directory (folder) that would normally only take a second or so for a
windows box to parse the list.

There is also the issue of not being able to access the file shares on a
win2k laptop that remains accessable from other windows PCs, regardless of
whether real or virtualised on this very same machine, yet the shares from
another win2k machine are entirely accessable. This particular failing
seems to a a generic Linixy thing since it's been the same with other Live
CD *nix sessions I've tried - perhaps its an 'Ubuntu thing'?

Yet another 'annoyance' I just experienced relates to the shabby way it
handles Optical disk media events. I've just tried copying mp3 files off a
couple of mp3 talking book CDs. The first CD copied ok but when it came to
ejecting the disk via the software applet, as opposed to the drive's
button, it claimed there was a problem (so I ejected on the hardware
button anyway and swapped the 1st disk with the 2nd). About halfway
through the copying process it halted with a rather strange error message
about not being able to splice the 'new' file to an existing one.

At first I couldn't figure WTF that was all about until after firing up
my al fresco win2k set up to do what Linux seemed to be incapable of
doing. It was only afterwards that the truth was revealed once a masking
window had been cleared from the desktop to reveal a CD icon which had
obviously, in a totally unlinked fashion, over-ridden the eject function
in the file mangler, and so unlinked to the reality of mechanically
operated eject buttons, unlike in win2k, that when it came to copying the
2nd CD, it was working with the previous CD's ToC, hence the great big
fucking cockup over splicing files!!!

Jesus H Christ! Are the GUI devs so fucking retarded[3] as to ignore good
principles of GUI design? No wonder I'm in such despair over finding a 64
bit alternative to Windows 2000 SP4! For the moment, it looks like my best
bet is to struggle on with this festering PoS and test install other
distros using the al fresco system with that 30GB Kingston SSD. Zorin
looks promising but I've suffered enough of Linux's empty promises so
don't have too high an expectation in this regard.

My view of Linux as a viable desktop alternative to win2k is becoming
ever more jaundiced as my experience grows. It's a great shame since I do
*so* want to escape the clutches of Microsoft's proprietry world of axe
grinding to serve their own nefarious purposes and that of their partners
in IPR crime (DRM enforcement and pandering to consumeristic desires of
the Great Unwashed masses).

Not *everything* produced by Microsoft was out and out bad but it seems
to suit Microsoft to throw Baby out with the Bathwater and what suits
Microsoft most definitely doesn't suit me, hence my 'Search for The Holy
Grail" of desktop OSes. :-(

[3] Just filling in for a paragraph I missed out in the OP:

It strikes me that the GUI devs are studiously avoiding
the better features of Microsoft's desktop GUI which only results in a
lacklustre 'effort'. They're behaving rather like a very thirsty man so
stupid as to ignore a cool and refreshing glass of potable water even when
it's waved right under his nose.

------------------------------------------------------------------------
ENDQUOTE:

Any constructive thoughts and comments welcomed, particularly in the
case of others who may also have suffered similar experiences using
torrents to fetch Linux LiveCD/installer iso files.

--
Johnny B Good

[Jim Lesurf]

In article <Kjt%w.503755$7_1.3...@fx15.am4>, Johnny B Good

<johnny...@invalid.ntlworld.com> wrote:
> I'm currently, and for the past four weeks now, struggling with a major
> hardware upgrade so major that I'm unable to carry on using Windows 2000
> SP4 due to lack of driver support and thus forced to seriously consider
> alternatives that *aren't* winXP, Vista, win7 *or* any of the win8
> flavours nor any of its successors.

> IOW, I've been looking at *nix desktop distros, Linux based, in
> particular the Ubuntu flavours of Debian, specifically Linux Mint (LM)
> variations, starting with LM 17.1 KDE. I'm currently managing, for the
> moment at least, with LM 17.1 Xfce until I can find a less annoying
> version of *any* flavour of Linux to settle upon.

[big snip]

Can't really comment beyond saying I haven't seen any signs here of the
problems you've had - albeit I installed Mint xfce ages ago on my machines.
I use ROX on top of Xfce, having turned off many 'fancy' features of
'compositing' like transparency, shadows, etc, that seem a pointless pest
to me.

Jim

--
Please use the address on the audiomisc page if you wish to email me.
Electronics http://www.st-and.ac.uk/~www_pa/Scots_Guide/intro/electron.htm
Armstrong Audio http://www.audiomisc.co.uk/Armstrong/armstrong.html
Audio Misc http://www.audiomisc.co.uk/index.html

[William Unruh]

On 2015-04-27, Johnny B Good <johnny...@invalid.ntlworld.com> wrote:
> I'm currently, and for the past four weeks now, struggling with a major
> hardware upgrade so major that I'm unable to carry on using Windows 2000
> SP4 due to lack of driver support and thus forced to seriously consider
> alternatives that *aren't* winXP, Vista, win7 *or* any of the win8
> flavours nor any of its successors.

Corruption of the medium can be checked using the hashes. All distros
post the hashes of thier media. Run md5 or sha1 hashes against the
downloaded file to see if it is the same as the file on the remote
system.
No need to guess.

>
> IOW, I've been looking at *nix desktop distros, Linux based, in
> particular the Ubuntu flavours of Debian, specifically Linux Mint (LM)
> variations, starting with LM 17.1 KDE. I'm currently managing, for the
> moment at least, with LM 17.1 Xfce until I can find a less annoying
> version of *any* flavour of Linux to settle upon. The following, which is

Annoying is what way?

> a copy and paste from a reply I made in the recent "OT: Computer running
> slow" thread in utd-tv pretty well spells it all out. Please keep in mind
> that the torrent client is Transmission running as a service on my
> NAS4Free box. I won't impose such a duty on *any* desktop PC regardless
> of the installed OS, hence my supposition of 'torrent poisoning' rather
> than some clever malware being present on the host.
>

.....

>
> Any constructive thoughts and comments welcomed, particularly in the
> case of others who may also have suffered similar experiences using
> torrents to fetch Linux LiveCD/installer iso files.

A hash error indicates a corrupted file. Thus your source file is
corrupted. Note that torrents do not download from any specific place.
They grab bits and pieces from all over the web. The only defense is to
compare the hash from a known-to-be-good-source with what you have.

You could just download using rsync from a mirror, rather than by
Torrent.

[Richard Kettlewell]

Johnny B Good <johnny...@invalid.ntlworld.com> writes:
> I've picked this post up after what I can only describe as "A Lost
> Weekend" trying to overcome some really weird installer failures in three
> of the other flavours of Linux Mint (LM 17.1 Xfce-64bit and the two 64 bit
> LMDE-2 editions). In each case, they booted into a Live CD session ok but
> when it came to running the installers, they *all* fatally failed about
> two thirds of the way into the initial file copying process after
> specifying the user credentials with an IO error suggesting either
> corrupted install media or faulty hard disk.

You need to identify which of these two possibilities applies.
Otherwise anything else you try has a 50% chance of being irrelevant.

--
http://www.greenend.org.uk/rjk/

[The Real Doctor]

On 27/04/15 17:18, Johnny B Good wrote:
> hence my supposition of 'torrent poisoning' rather
> than some clever malware being present on the host.

I had very similar symptoms arise from a dodgy connection to an IDE hard
drive. The fact that it happened with three different versions of the
software (albeit one a faulty download) suggests that it's a problem
with your hardware; either a fault or an incompatibility.

Ian

[Johnny B Good]

On Mon, 27 Apr 2015 18:53:02 +0100, Jim Lesurf wrote:

> In article <Kjt%w.503755$7_1.3...@fx15.am4>, Johnny B Good
> <johnny...@invalid.ntlworld.com> wrote:
>> I'm currently, and for the past four weeks now, struggling with a major
>> hardware upgrade so major that I'm unable to carry on using Windows
>> 2000 SP4 due to lack of driver support and thus forced to seriously
>> consider alternatives that *aren't* winXP, Vista, win7 *or* any of the
>> win8 flavours nor any of its successors.
>
>> IOW, I've been looking at *nix desktop distros, Linux based, in
>> particular the Ubuntu flavours of Debian, specifically Linux Mint (LM)
>> variations, starting with LM 17.1 KDE. I'm currently managing, for the
>> moment at least, with LM 17.1 Xfce until I can find a less annoying
>> version of *any* flavour of Linux to settle upon.
>
> [big snip]
>
> Can't really comment beyond saying I haven't seen any signs here of the
> problems you've had - albeit I installed Mint xfce ages ago on my
> machines.

Well, I think I downloaded the original iso image direct from one of the
mirrors about two months ago now. I only tried the torrent route on
account it's often a faster download compared to leeching off a single
server since, ime these last few years, very few such sources are able to
match the 35000000bps download link speed of a VM cable connection.

This last download from Kent University surprised me somewhat by
averaging some 3.5MB/s, close to the limiting service speed of my local
cable link. Methinks the rest of the internet is starting to catch up
with VM cable speeds at long last! :-)

> I use ROX on top of Xfce, having turned off many 'fancy' features of
> 'compositing' like transparency, shadows, etc, that seem a pointless
> pest to me.

I've no idea what ROX is, presumably a window mangler. No mind, I can
always 'google it'. :-)
>

That's *one* of the first things I do on a fresh windows install, change
from 'best appearance' where every single bling option is selected by
default, to 'best performance' where it's all unchecked, enabling just
three of the useful 'bling' items which creates a 'custom option'.

On a *nix box, I suspect these options will unlikely to be all gathered
together in one neat options group like it is in windows. That won't, of
course, stop me from doing the same thing if I ever find a distro I like.

With regard to verifying the MD5 checksums, I'm afraid to say that I've
gotten rather blase about recieving error free downloads over the past 6
years or so that I've been taking the trouble to check my FreeNAS/N4F
image file downloads.

The surprisngly suspicious thing about the two versions is that they
were both exactly, to the byte, the same size. Considering all the SHA
checksumming and whatnot involved in the torrenting process, it seems it
would need some deliberate action by someone somewhere in the system to
corrupt such transfers. However, it may be nothing more prosaic than a
duff transfer to the torrent master used for seeding the torrents. I'm
guessing most *nix fans tend to steer clear of torrent sources for their
critical iso image downloads.

I've yet to repeat my failed attempts to install the two LMDE versions
with directly downloaded images (the torrents for those did match MD5
checksumwise) but, if my suspicions are right, the directly downloaded
ones should work just fine, confirming some sort of deliberate alteration
designed to maximise the ensuing grief whilst arranging for the MD5
checksums to still match the published ones.

--
Johnny B Good

[William Unruh]

Well, that would be an accomplishment. Using it to corrupt a Linux
download would be like having the keys to Fort Knox and
using them to make a screwdriver.


>

[Johnny B Good]

On Mon, 27 Apr 2015 18:22:00 +0000, William Unruh wrote:

> On 2015-04-27, Johnny B Good <johnny...@invalid.ntlworld.com> wrote:
>> I'm currently, and for the past four weeks now, struggling with a
>> major
>> hardware upgrade so major that I'm unable to carry on using Windows
>> 2000 SP4 due to lack of driver support and thus forced to seriously
>> consider alternatives that *aren't* winXP, Vista, win7 *or* any of the
>> win8 flavours nor any of its successors.
>
> Corruption of the medium can be checked using the hashes. All distros
> post the hashes of thier media. Run md5 or sha1 hashes against the
> downloaded file to see if it is the same as the file on the remote
> system.
> No need to guess.

I know, I know. :-( My bad and all. I'd simply gotten rather blasé about
the reliability of file transfers over the internet these last 5 or 6
years. Mind you, it wouldn't have helped with the LMDE-2 versions I
tried, only the LM 17.1 Xfce one.

>
>
>> IOW, I've been looking at *nix desktop distros, Linux based, in
>> particular the Ubuntu flavours of Debian, specifically Linux Mint (LM)
>> variations, starting with LM 17.1 KDE. I'm currently managing, for the
>> moment at least, with LM 17.1 Xfce until I can find a less annoying
>> version of *any* flavour of Linux to settle upon. The following, which
>> is
>

> Annoying in what way?

In many ways. Most notably the lack of drag and drop copy or move and
the convoluted method for renaming files (in win2k and XP at least, it's
simply a matter of making a second left mouse click on an already
highlighted file to enable the file renaming edit function - none of this
right click/select rename or press ALT F4 or whatever 'shortcut keys'[1]
combo nonsense.

>
>
>> a copy and paste from a reply I made in the recent "OT: Computer
>> running slow" thread in utd-tv pretty well spells it all out. Please
>> keep in mind that the torrent client is Transmission running as a
>> service on my NAS4Free box. I won't impose such a duty on *any* desktop
>> PC regardless of the installed OS, hence my supposition of 'torrent
>> poisoning' rather than some clever malware being present on the host.
>>
> .....
>
>
>> Any constructive thoughts and comments welcomed, particularly in the
>> case of others who may also have suffered similar experiences using
>> torrents to fetch Linux LiveCD/installer iso files.
>
> A hash error indicates a corrupted file. Thus your source file is
> corrupted. Note that torrents do not download from any specific place.
> They grab bits and pieces from all over the web. The only defense is to
> compare the hash from a known-to-be-good-source with what you have.
>
> You could just download using rsync from a mirror, rather than by
> Torrent.

I know the basics behind the torrent system. Perhaps I was simply seeing
nothing more prosaic than a hack into the server hosting the seed file
rather than some extremely sophisticated MITM attack on the torrent
system itself.

As you say, the only certain way to verify is to compare the published
MD5 or SHA checksums and even then, it's still possible to make a fake
file generate an MD5 match. The SHA checksum is a more difficult one to
subvert which is why it's being used in preference to MD5.

The interesting thing is that the LMDE-2 versions had matching MD5s so
I'd have been none the wiser. As I told Jim, I've yet to directly
download them from a mirror to test whether the problem exists in those
versions. If, as I suspect will be the case, the directly downloaded ones
work ok, it would seem that there is a problem with the torrent seed file
versions (or else a very sophisticated MITM vulnerability exploit
involved).

I'm having a bad enough *nix 'experience' as it is without all this
"corrupted iso image file" nonsense to contend with as well.

[1] I did try to check what the shortcut key combo was but the Xfce
desktop file manager (Thunar) doesn't offer any such shortcut key hint at
all for the rename option. As I said, it's even less functional than the
KDE version. :-(

--
Johnny B Good

[Johnny B Good]

Well, I do believe I can safely say that the problem lies with the
install media, in particular, the iso image files themselves. Discovering
(belatedly) that the torrent downloaded Xfce version's MD5 checksum
didn't match the published one, along with the fact that the identical in
size direct download from the Kent university mirror did match which I
used to remake the bootable pen drive which in its turn worked flawlessly
strongly suggests the problem lies not with any of the systems I tried to
install onto.

However, it seems that matching MD5 checksums isn't enough of a
guarantee as to the state of the file being identical to the original
source file (at least that's what I'm expecting to discover when I
download these two iso files directly from a mirror such as the
aforementioned Kent university).

This is the third reply I've made, basically confirming what should have
already been apparent in my OP. Apologies all round if this isn't so.

--
Johnny B Good

[William Unruh]

On 2015-04-28, Johnny B Good <johnny...@invalid.ntlworld.com> wrote:
> On Mon, 27 Apr 2015 18:22:00 +0000, William Unruh wrote:
>
>
> As you say, the only certain way to verify is to compare the published
> MD5 or SHA checksums and even then, it's still possible to make a fake
> file generate an MD5 match. The SHA checksum is a more difficult one to
> subvert which is why it's being used in preference to MD5.

No. MD5 is suspected of being weak. There are ways of creating two files
which have the same MD5 (note that this is not the same as creating a
second file as a first preexisting file).
No one has ever shown even a glimmer that the latter is possible, which
is what would be needed in your scenario. As I said, if it were
possible, and someone had discovered it in secret, using it to subvert
Mint downloads would be incredibly stupid.

>
> The interesting thing is that the LMDE-2 versions had matching MD5s so
> I'd have been none the wiser. As I told Jim, I've yet to directly
> download them from a mirror to test whether the problem exists in those
> versions. If, as I suspect will be the case, the directly downloaded ones
> work ok, it would seem that there is a problem with the torrent seed file
> versions (or else a very sophisticated MITM vulnerability exploit
> involved).

Or as has been mentioned, one common factor is your computer. A hardware
error there is far more likely than your scenarios. It is like a mother
coming into a living room and being told the broken lamp was the fault
of unicorn that came into the house and knocked over the lamp.

>
> I'm having a bad enough *nix 'experience' as it is without all this
> "corrupted iso image file" nonsense to contend with as well.

You have launched yourself into a self made swamp and are floundering
around in it. Look elsewhere for the problem.

>
> [1] I did try to check what the shortcut key combo was but the Xfce
> desktop file manager (Thunar) doesn't offer any such shortcut key hint at
> all for the rename option. As I said, it's even less functional than the
> KDE version. :-(

Who cares. You rename how many files a month?
You have already wasted far more time describing it to us than it cost
you.

>

[Johnny B Good]

I do see where you're coming from, Ian. BTDT&GTBTS! The most memorable
occasion involved excessive vibration of a brand spanking new IDE (PATA
to the younger generation) HDD and the shite audio quality pressing
created by Microsoft of their official windows 98 install CD, coupled
with a 24 speed CDROM which, unfortunately rather lived up just too well
to its model name, "Vibrant" all exacerbated by the PC being built into a
taller than usual "Desktop Tower" case made from cheap tin with an overly
well endowed drive bay stack that had an uncountable number of resonance
modes.

The first attempts to install windows all failed, eventually showing up
as a few bad sectors on the brand new drive when it finally occurred to
me to run the HDD diagnostics. Assuming the drive had been faulty to
begin with, I waited for my customer to RMA his purchase and return with
the replacement drive so I could have another attempt.

I'm pretty certain that I ran the HDD diagnostics on the replacement
before trying to install windows again so that when it failed yet again,
I was able to see that the attempt had caused two or three bad sectors to
become evident. It was only after this had happened that it occured to me
that the badly balanced Microsoft supplied installation CD had been the
source of a severe enough vibration to actually cause the HDD to create
bad sectors.

I burnt an image copy of the windows 98 CD and repeated the installation
using the much better balanced for high speed CD-R copy, eventually
completing the installation successfully, proving my thesis in the
process.

In the end, I got around the problem of CD induced vibration by
strapping the HDD with large plastic cable ties to the underside of the
PSU using four small stick on rubber feet on the top side of the HDD as
protectors/dampers since this was the one location that seemed least
effected by vibration from the drive bay cage (when you've only got
lemons, make lemonade).

Other times that I've seen HDDs suffer bad sectors and corruption was
when the 4 pin Molex contacts had become loose causing rather nasty
transients on the 5 and 12 volt connections, a condition the HDD
controller hadn't been designed to cope with (they do, however, cope just
fine with the rather more leisurely loss of supply voltage in the event
of mains power loss - instant voltage dips are just too much of a problem
to deal with).

The other, pretty rare scenario you're referring to, involves a failing
contact in one or more of the 20 or so active signal pins in the 40 way
interface connector. Since, unlike the SATA case, there isn't any ECC
coding of the data and commands flowing across the 16 bit wide data path,
not only is it possible for data transfers to become corrupted in each
direction, more importantly command words are also vulnerable, leading to
the possibility of a read command being interpreted as a write command or
else a sector address becoming corrupted and data being written to
randomly wrong sector addresses. Thankfully, properly connected ribbon
cables rarely cause such problems but when they do, all Hell lets loose.

As I've already mentioned, this sort of data/command corruption cannot
arise undetected in the case of SATA. In fact, no harm comes of literally
hot swapping a SATA connected drive with itself (i.e, you can disconnect
the SATA cable from the drive and then reconnect it several seconds later
without complaint from the OS virtually regardless of the data traffic
flow activity at the time).

Much longer and windows will pop up a warning message and wait patiently
for you to decide how to proceed, or at least that *was* the case with
win2k and even winXP before this stopped being true with win7 and
possibly Vista - I can't recall when MS decided to try and disguise the
PC as a "Magic Box" rather than a piece of 'High Tech Equipment' electing
instead to make it behave like a wounded animal that knew it was best to
fake the appearance of being in rude good health and thus not admit that
there was anything wrong - a strategy that produced a behavioural
response more akin to that of a PC suffering from a massive overload of
malware than one trying to deal with a simple 'technical hitch', the
reporting of which would have given the game away that the 'Consumer'
didn't possess a "Magic Box" after all but merely a collection of
extremely high tech parts held together by an OS written by a two bit
company that doesn't care one bit for its customers.

In this, I speak from bitter experience dealing with a win7 box that
showed all the hallmarks of a 'Mystery Virus' with which I spent almost a
whole week tracking down, a problem that would have become swiftly
apparent in the case of win2k and XP.

Only then did I finally realise Microsoft's true purpose in their
roadmap to perverting the original nature of the PC as a general purpose
personal computer to the level of a "Magic Box" designed to extract as
much revenue from the hapless consumer via the perverted business of IPR
ownership by large corporations capable of influencing Democratic
governments into enacting punitive laws against any transgressions that
would interfere with the cashflow arising from copyright protected
materials and ideas such corporate entities had perverted into a modern
day cash cow revenue stream.

It was Microsoft who first demonstrated how IPR could be used as a
licence to print money two decades ago and the rest of their partners in
crime have simply followed the money stream. It should have come as no
surprise that this was where it was all going to end.

Apologies for the rant. The point I was originally trying to make is
that SATA disks simply don't show the same symptoms of 'bad data
connectors' as their IDE predecessors. Bad data connectors will show
symptoms but they're not quite so inventively mysterious as those we used
to see with IDE drives, essentially being one of non-fatal
unresponsiveness, often cured (even if only temporarily) by a swift slap
to the side of the PC case.

The power connector, otoh, has exactly the same potential for data
corruption and bad sector generation as the IDE drives but, unlike the
data connector, the SATA power connector is a much more secure fit
designed to facilitate safe hot plugging/unplugging using higher quality
materials than the low quality 4 pin Molex connectors which can so easily
succumb to intermittent contact with the potential to produce some really
savage power supply transients so SATA drives generally only show
problems with the DATA cables and never, IME, with their power cable
connectors.

So, to address your conjecture, the problem most definitely had nothing
whatsoever to do with 'Bad Hardware' and everything to do with 'bad iso
image files' as I thought I'd made apparent in my OP. However, perhaps I
didn't stress this fact enough and left far too much as an exercise in
"Reading Between The Lines". If so, my apologies to one and all.

--
Johnny B Good

[Tim Watts]

On 28/04/15 02:31, Johnny B Good wrote:

> Well, I think I downloaded the original iso image direct from one of the
> mirrors about two months ago now. I only tried the torrent route on
> account it's often a faster download compared to leeching off a single
> server since, ime these last few years, very few such sources are able to
> match the 35000000bps download link speed of a VM cable connection.
>
> This last download from Kent University surprised me somewhat by
> averaging some 3.5MB/s, close to the limiting service speed of my local
> cable link. Methinks the rest of the internet is starting to catch up
> with VM cable speeds at long last! :-)

When I was at a university with 20GBit/sec connection to JANET (strictly
2x10gig, one to each ring on the London MAN) I could pull at gig speeds
from ftp.nluug.nl and on occasion ftp.sunet.se was extremely fast.

[Tim Watts]

On 28/04/15 03:55, William Unruh wrote:

> No. MD5 is suspected of being weak.

That's an understatement :)

There are ways of creating two files
> which have the same MD5 (note that this is not the same as creating a
> second file as a first preexisting file).
> No one has ever shown even a glimmer that the latter is possible, which
> is what would be needed in your scenario. As I said, if it were
> possible, and someone had discovered it in secret, using it to subvert
> Mint downloads would be incredibly stupid.

That's true...

[William Unruh]

On 2015-04-28, Tim Watts <tw_u...@dionic.net> wrote:
> On 28/04/15 03:55, William Unruh wrote:
>
>> No. MD5 is suspected of being weak.
>
> That's an understatement :)

Not really. As I said there is no evidence that one can find or genrate
a file which will have the same MD5 hash as a given file. It is true
that the ability to create two files which have the same MD5 hash is a
serious weakness, but one that is not any sort of danger in this case
unless you believe that the distribution publishers were in on an
attempt to fool users into download a bad file (in which case they could
simply publish a bad file). Ie, as usually used MD5 is not known to be
weak. However, because of its other weaknesses the suggestion that
another hash like SHA be used instead. It is like hiring a hockey
player. Knowing he is a useless basketball player does not really say
anything about their ability at hockey.

[The Real Doctor]

On 28/04/15 04:57, Johnny B Good wrote:
> Apologies for the rant. The point I was originally trying to make is
> that SATA disks simply don't show the same symptoms of 'bad data
> connectors' as their IDE predecessors.

Sure. I wasn't thinking "drive" as much as "obscure hardware issue that
only shows well into an installation".

The most recent one I had like that was a PC which booted fine from a
stick and installed OK, then behaved very erratically. Turned out that I
hadn't pushed the ribbon connector into the back of the DVD drive quite
far enough ...

Ian

[Richard Kettlewell]

Johnny B Good <johnny...@invalid.ntlworld.com> writes:
> However, it seems that matching MD5 checksums isn't enough of a
> guarantee as to the state of the file being identical to the original
> source file (at least that's what I'm expecting to discover when I
> download these two iso files directly from a mirror such as the
> aforementioned Kent university).

That’s not very plausible. MD5 demonstrably lacks collision resistance
but as far as any knows its preimage resistance remains intact.

That said people who care about data integrity migrated away from MD5
years ago...

--
http://www.greenend.org.uk/rjk/

[Johnny B Good]

Well, shit like that just happens. I've had similar experiences,
admittedly it's been more a case of 'faded with age laser diode
assemblies' causing the often years old optical drives in the PCs I've
had in for repair rather than connector issues. In these cases I've had
to temporarily connect up a known to be good drive to complete the
installation and get the initial problem sorted.

As for the time wasted here, trying to get out of the swamp of my own
making, I needed a break and some input from others' thoughts on my
problems. Since the replies have given me food for thought, it's not been
a complete waste of time, thanks to everyone for taking the trouble to
offer your suggestions. :-)

As for the need to be able to easily rename files, I need to do this not
just once or twice a week but several times a day so it *is* important to
me that this process be as slick as possible. I do appreciate that for
most users, this slickness of renaming files is a much lower priority so
isn't a major issue.

The one possibility that I've neglected to deal with is that of
verifying the brand new Corsair DDR3 2 x 4GB dimms that my son had gifted
to me as part of the upgrade kit (MoBo and CPU) as a premature Birthday
Present two months ago. Subtle defects in ram could rather neatly explain
the apparent symptoms I've been seeing with 'corrupted' iso image file
downloads.

It occurs to me that the original image file (LM 17.1 KDE) was
downloaded and processed into a bootable pen drive using the original
hardware set up (which now resides as an Al Fresco system on my
workbench), a system that I can be pretty confident is still perfectly
reliable (acts of Murphy aside).

By the time I was looking to download the later afflicted images, I was
using the new hardware setup. When I re-downloaded that corrupted LM 17.1
Xfce image from the Kent Uni server, I did this from the original
hardware setup rather than the new one (I guess I was determined to use a
well proven system I still had some trust in).

Thinking about it *now*, there does seem to be a common factor in regard
of the three 'corrupted' images I downloaded, the common factor being the
use of the current hardware upgraded machine, a machine I neglected to
properly commission in regard to the brand new DDR3 dimms not having been
subjected to a memory test.

Running Memtest86 on 8GB's worth of ram can take quite a bit of time so
this is going to be the last post on the subject for several hours at
least. Don't hold your breath, I'll report the results as soon as I can
(probably late evening rather late afternoon).

Once again, thanks to everyone who responded to my original questions
and put up with my sometimes ranty replies. See you all soon (I hope!).


--
Johnny B Good

[Tony Houghton]

In <HQB%w.504589$7_1.1...@fx15.am4>,

Johnny B Good <johnny...@invalid.ntlworld.com> wrote:

> In many ways. Most notably the lack of drag and drop copy or move and
> the convoluted method for renaming files (in win2k and XP at least, it's
> simply a matter of making a second left mouse click on an already
> highlighted file to enable the file renaming edit function - none of this
> right click/select rename or press ALT F4 or whatever 'shortcut keys'[1]
> combo nonsense.

Try dragging with the middle button, that seems to be the convention to
give you move/copy options in Linux file managers.

Sometimes Linux developers get things right when deciding what (not) to
copy from Windows. For example, I like to use the single click to open
option, which is unusable in Windows because, instead of ctrl-click to
select, they've implemented "hover to select" which effectively selects
and deselects files at random with entropy based on mouse movement :-).

[Johnny B Good]

On Tue, 28 Apr 2015 14:13:24 +0000, Johnny B Good wrote:

====snip====

>
> Running Memtest86 on 8GB's worth of ram can take quite a bit of time so
> this is going to be the last post on the subject for several hours at
> least. Don't hold your breath, I'll report the results as soon as I can
> (probably late evening rather late afternoon).
>

UPDATE!

The test didn't take all that long, I let it run for just over 3 hours
to complete two and a bit passes. There were no failures so 'Bad Ram'
seems a less likely possible cause of trouble with the bootable image
files.

I'm going to only use the old hardware set up for now to download fresh
images from the UK mirror and create a fresh set of bootable pen drives
to try the LMDE-2 versions again. There's no sense in keeping those thumb
drives tied up with corrupted boot images.

It's all rather mysterious as to how I landed up with 3 different
versions of LM all failing to complete the install process in virtually
identical fashion from what seems to be down to corruption in the install
media (including a couple of DVDs) despite managing to pass their self
verification tests.

I'll report back on my results once I've finished testing with new
images.

--
Johnny B Good

[David Love]

Johnny B Good <johnny...@invalid.ntlworld.com> wrote:

[snip]

_________________________________________________________________________
>
> I've picked this post up after what I can only describe as "A Lost
> Weekend" trying to overcome some really weird installer failures in
> three of the other flavours of Linux Mint (LM 17.1 Xfce-64bit and the
> two 64 bit LMDE-2 editions). In each case, they booted into a Live CD
> session ok but when it came to running the installers, they *all*
> fatally failed about two thirds of the way into the initial file copying
> process after specifying the user credentials with an IO error
> suggesting either corrupted install media or faulty hard disk.

[snip]

Before I emigrated to New Zealand in 1962 one of my favourite radio
programmes was The Archers which, I understand, is still going strong!
This thread will beat The Archers longevity.

A couple of suggestions:

(a) Go to OSDisc.com and purchase a copy of LinuxMint 17.1 Rebecca with
the desktop manager of your choice. It will cost you just $US5.95.

(b) Join the Linux Mint Forum. The members are very helpful.

DL

--
David Love
Gambling: The sure way of getting nothing for something.

[Nigel Wade]

On 28/04/15 15:13, Johnny B Good wrote:
> As for the need to be able to easily rename files, I need to do this not

> just once or twice a week but several times a day so it*is* important to

> me that this process be as slick as possible. I do appreciate that for
> most users, this slickness of renaming files is a much lower priority so
> isn't a major issue.

I think your problem here is that you are failing to identify the correct tool for the task in hand.

You've decided that your tool of choice is to be a hammer (Linux Mint Xfce) and that you are going to use that hammer
regardless of what you need to do. If you have a screw to insert you're going to use your hammer to insert it.

In Windows-land you have the Windows Explorer. You rename files in what I consider to be a rather silly operation, but
one which you can get used to. I regard it as silly because of the duplication of the left-click followed by left-click
operation which is already used to "activate" a file. If your second left-click to rename a file is a little too quick
you activate the file (with whatever action is defined for the file type) rather than rename it.

On the Linux desktop I use KDE. The file manager here is Dolphin. To rename a file in Dolphin I just right-click on the
file, and choose "Rename..." from the popup menu. Depending on the nature of the rename, and being a long time user of
UNIX/Linux, I very often choose to rename files from the command line because it's easier and quicker. In Dolphin there
is an inbuilt command-line which can be displayed in a separate panel of the Dolphin window, and it follows the
navigation of Dolphin so its cwd is the same as the folder which Dolphin is displaying. Using the mv command in that
command line window is often the best option.

If you are regularly renaming files, and the operation is routine, then a better option than manually editing them in a
GUI might be to script the file name change and use cron/at to automate it.

As for drag'n'drop, most Linux file managers support this. I don't know what Linux Mint uses, but Dolphin in KDE
certainly does. You can use drag to copy/move between open Dolphin windows. You can drag/drop files in an already open
application to open them if that application supports it - many do. You can drag files onto an email composition window
to attach them to the message. etc.

So, I think you would benefit from a visit to your friendly Linux DIY store to explore some tools other than the one
"hammer" which you are currently trying to use for what appears to be the wrong task.

[Tim Watts]

On 29/04/15 11:20, Huge wrote:
> On 2015-04-29, Nigel Wade <n...@ion.le.ac.uk> wrote:
>
> [23 lines snipped]

>
>> If you are regularly renaming files, and the operation is routine, then a better option than manually editing them in a
>> GUI might be to script the file name change and use cron/at to automate it.
>

> And I'd strongly recommend installing Larry Wall's "rename" perl script.
>

+100 to that - it is a damn useful tool...

[Johnny B Good]

On Wed, 29 Apr 2015 11:07:12 +0100, Nigel Wade wrote:

> On 28/04/15 15:13, Johnny B Good wrote:
>> As for the need to be able to easily rename files, I need to do this
>> not
>> just once or twice a week but several times a day so it*is* important
>> to me that this process be as slick as possible. I do appreciate that
>> for most users, this slickness of renaming files is a much lower
>> priority so isn't a major issue.
>
> I think your problem here is that you are failing to identify the
> correct tool for the task in hand.
>
> You've decided that your tool of choice is to be a hammer (Linux Mint
> Xfce) and that you are going to use that hammer regardless of what you
> need to do. If you have a screw to insert you're going to use your
> hammer to insert it.

The famous Birmingham screwdriver. When the only tool you've been issued
with is a hammer, every screw looks like a nail. :-)

>
> In Windows-land you have the Windows Explorer. You rename files in what
> I consider to be a rather silly operation, but one which you can get
> used to. I regard it as silly because of the duplication of the
> left-click followed by left-click operation which is already used to
> "activate" a file. If your second left-click to rename a file is a
> little too quick you activate the file (with whatever action is defined
> for the file type) rather than rename it.

I appreciate your criticism but, luckily for me, the worse consequence
is that I land up playing a media file which is merely a minor
irritation. The only file types that have the potential to produce more
serious consequences are executables (.com, .exe, .bat and .scr) for
which there's very little reason or need to rename them, other than
downloaded setup/install files where I might add the date, in the form
"20150429" for example, to make it that little bit clearer as to which
otherwise inscrutably named version was added to today's repertoire.
Since this is not a routine operation that forms part of a more complex
routine, I take rather more care with the renaming these files.

>
> On the Linux desktop I use KDE. The file manager here is Dolphin. To
> rename a file in Dolphin I just right-click on the file, and choose
> "Rename..." from the popup menu. Depending on the nature of the rename,
> and being a long time user of UNIX/Linux, I very often choose to rename
> files from the command line because it's easier and quicker. In Dolphin
> there is an inbuilt command-line which can be displayed in a separate
> panel of the Dolphin window, and it follows the navigation of Dolphin so
> its cwd is the same as the folder which Dolphin is displaying. Using the
> mv command in that command line window is often the best option.

The problem with your advice is that you're assuming I need to modify
filenames in a regular way that lends itself to such batch processing.
Unfortunately for me, it's not quite so simple as that (but it could
usefully be applied to the filenames generated by the scheduled TV
recording function in Kaffeine to add an 8 digit date code, leaving me
just the final touch of editing the episode number and, optionally,
episode name).

>
> If you are regularly renaming files, and the operation is routine, then
> a better option than manually editing them in a GUI might be to script
> the file name change and use cron/at to automate it.

That's something I could do with Kaffeine's scheduled recordings to add
an 8 digit date code (assuming I'm not overlooking an obvious naming rule
function already built in), but I still need to add individual episode
names and/or episode numbers when recording a series.

I used to think that Kaffeine's ability to name the files from the epg
data as a rather neat method but its rules over maximum name length and
suffixing with ...nn.mt2 proved more limiting than useful in too many
cases.

DTVR, which I was using in win2k, had various auto-naming options of
which the only safest and useful one was simply to use the date and time,
leaving me to add the actual series names and their episode numbers and
names, usually copied and pasted from the BBC's or bleb.org's listings. I
had a very neat way to minimise the copying and pasting otherwise
involved which took advantage of the earlier recordings already in the
destination folder.

>
> As for drag'n'drop, most Linux file managers support this. I don't know
> what Linux Mint uses, but Dolphin in KDE certainly does. You can use
> drag to copy/move between open Dolphin windows. You can drag/drop files
> in an already open application to open them if that application supports
> it - many do. You can drag files onto an email composition window to
> attach them to the message. etc.

I'm not sure about Dolphin being able to do this (it certainly didn't
provide a *right* click drag 'n' drop - but that's also true of Thunar
used in the current LM Xfce install) but Thunar does allow *left* click
drag 'n' drop for *copying only* (this may also be true for Dolphin - I
can't recall testing this possible function). Unfortunately, this is only
*sometimes* useful.

A lot of the time, I simply want to move a file. In windows, when left
clicking and dragging from one folder to another in the same disk volume,
this defaults to a move, defaulting to a copy operation only when
dragging to a different disk volume. As defaults go, it's useful
behaviour but just the same, I tend to play safe and right click drag 'n
drop so I can positively choose the required action.

I'll concede that you may have a point in regard of the 'sillyness' of a
secondary left click function for renaming files but overlooking the
potential in a right click drag 'n' drop function seems even sillier to
me.

>
> So, I think you would benefit from a visit to your friendly Linux DIY
> store to explore some tools other than the one "hammer" which you are
> currently trying to use for what appears to be the wrong task.

I've no doubt that I could benefit but this all takes time and right
now, all I can do is take note and try and plough on with sorting out a
distro that, afaiac, is the least broken[1] and catch up with the ever
increasing backlog of recordings.

[1] Thunar in Xfce enumerates the folder listings on remote file shares
in a timely enough fashion but I like it even less than Dolphin in the
KDE version where it takes forever to populate such folders. Right now, I
feel as though I'm stuck between a rock and a hard place which, to say
the least, leaves me feeling somewhat disgruntled.

--
Johnny B Good

[Johnny B Good]

On Wed, 29 Apr 2015 10:20:57 +0000, Huge wrote:

> On 2015-04-29, Nigel Wade <n...@ion.le.ac.uk> wrote:
>
> [23 lines snipped]
>

>> If you are regularly renaming files, and the operation is routine, then
>> a better option than manually editing them in a GUI might be to script
>> the file name change and use cron/at to automate it.
>

> And I'd strongly recommend installing Larry Wall's "rename" perl script.

Duly noted! :-)

--
Johnny B Good

[Johnny B Good]

Ok, I've got the message!

--
Johnny B Good

[William Unruh]

On 2015-04-29, Nigel Wade <n...@ion.le.ac.uk> wrote:

> On 28/04/15 15:13, Johnny B Good wrote:
>> As for the need to be able to easily rename files, I need to do this not
>> just once or twice a week but several times a day so it*is* important to
>> me that this process be as slick as possible. I do appreciate that for
>> most users, this slickness of renaming files is a much lower priority so
>> isn't a major issue.
>
> I think your problem here is that you are failing to identify the correct tool for the task in hand.
>

.....

> one which you can get used to. I regard it as silly because of the duplication of the left-click followed by left-click
> operation which is already used to "activate" a file. If your second left-click to rename a file is a little too quick
> you activate the file (with whatever action is defined for the file type) rather than rename it.
>
> On the Linux desktop I use KDE. The file manager here is Dolphin. To rename a file in Dolphin I just right-click on the
> file, and choose "Rename..." from the popup menu. Depending on the nature of the rename, and being a long time user of

He said that he found this procedure clunky. I have no idea of his
aesthetics since I do not find it clunky, and apparently neither do you,
but he does.
I assume he has the delayed left click in windows down pat (He says he
changes the names of many files per day-- would make me think a better
way of naming them originally would be worthwhile, but I have no idea
what he is doing).

Mind you on my system, it says that there is shortcut -- F2-- to
renaming the file, but I guess he would complain of having to use the
keyboard as well as the mouse to rename.

[John F]

"Johnny B Good" <johnny...@invalid.ntlworld.com> wrote in message
news:kyD%w.504591$7_1....@fx15.am4...

> --
> Johnny B Good

Bravo! a good rant and welcome reading on Friday afternoon!! (especially if
it is a Micro$loft rant!)

John

[John F]

"Johnny B Good" <johnny...@invalid.ntlworld.com> wrote in message

news:_H50x.499944$3i4.2...@fx29.am4...

I was a long time (years and years) nautilus user and was so accustomed to
using that tool to rename any files that needed it - simple, easy etc. But
I got a new computer a few weeks back and since I dislike the Unity desktop
so much, decided to install Kubuntu instead with it's dolphin file manager.
I am now hooked on it! a very useful tool - performing the usual functions
without any hassle (IMO) - I'm impressed actually, because I thought that
nautilus was the be-all end-all of file managers, how I was mistaken! works
for me - and ime, that is all that matters for me :)

John

John