41: The ISOing Machine
2009-01-19
Download MP3 For Geekons Episode 41
Pop-Up: ISO Recorder
- A free utility that allows you to create and burn ISO disk images.
- ISO images, ISO disk images, or just "ISOs" are all simple ways to reference the ISO 9660 filesystem used for data CDs on computers.
- ISO images are single files with no compression that contain multiple files, kind of like a TAR file, or a zip file with zero compression.
- Our computers are familiar with the format, so when you pop a CD in your CD ROM that has an ISO 9660 filesystem, your computer simply shows you the files on the CD.
- If you were to make a true "disk image" of the system, you would most likely be pulling the raw ISO data from the CD ROM in order to store it somewhere and write it to another disk.
- If you want to try out an operating system, like Linux or Windows 7 beta, you would more than likely download an ISO file, burn it to CD, and boot that CD.
- ISO Recorder is a tool that allows you to not only create an ISO image of an existing CD or folder, but also allows you to burn that image to a disk.
- This software has been recommended by the MSDN, and is widely used alongside other popular CD recording software.
- When you download an ISO file off the internet, you can either open your CD burning software and tell it to burn the ISO file to disk, or you can install ISO Recorder and simply right click on the ISO file and say "burn to disk". Much easier and it does the same thing.
- As an incredibly frugal individual that is a stickler for copyright law (even when I don't always agree with it) I love tools like ISO Recorder because it allows me to easily use ISO files without having to buy any software.
- I haven't used the ISO creation tool much, but when I have used it, it has been incredibly dependable.
- 5 out of 5 stars, because it is free, dependable, and free.
Geek-Tweak: How to Verify the Integrity of Downloaded Files
- Have you ever downloaded a large file from a website that had the word MD5 or SHA-1 with a string of nonsense, or perhaps a file ending with .md5?
- Some software, like FileZilla, allows you to verify that the file you downloaded was downloaded properly. An MD5 or SHA-1 hash can be run on your computer and compared with the hash in the md5 file or on the website. (Note: MD5 isn't nearly as reliable as SHA-1.)
- There are even more complicated measures to verify your download wasn't tampered with using GPG (GNU Privacy Guard, the open source alternative to PGP).
- Here's what I did to verify the PGP signature on the latest version of TrueCrypt:
- Downloaded HashTab from http://beeblebrox.org/hashtab/ and installed it
- Right-clicked on the HashTab installer and chose "Properties" then clicked on the "File Hashes" tab.
- I then copied the MD5 hash from HashTab's website, 9CBA8095538D99943FBE9F09C5FD6E90 at the time of writing, and pasted that in the "verify" field. It showed me a green checkmark, so I'm pretty sure it downloaded the correct file properly without anyone tampering with it.
- Then, I downloaded the GnuPG binary for Windows and used the same method as above to verify its SHA-1 checksum. (It checks out! Great!)
- I installed GPG using all the default values
- I added the GPG folder (C:\Program Files\GNU\GnuPG) to my PATH variable:
  - Right-click on "My Computer" and select "Properties"
  - Vista users: click "Advanced System Settings"
  - Non-Vista users: click the "Advanced Settings" tab
  - Click the "Environment Variables" button and find the PATH variable in the bottom list.
  - Select the PATH variable and click "Edit"
  - Go to the far end of the Variable value, and add a semicolon followed by the folder that gpg.exe is located in (default is C:\Program Files\GNU\GnuPG) and click OK
  - Click OK to close any windows this may have opened. (You can now simply type gpg at the command line instead of C:\Program Files\GNU\GnuPG\gpg.exe each time you want to use it)
- Then I created my own key by typing gpg --gen-key and followed the on-screen instructions, choosing the defaults.
- I then installed the public signature of TrueCrypt by opening a command line and typing: gpg --fetch-key http://truecrypt.sourceforge.net/TrueCrypt-Foundation-Public-Key.asc
- After it added that public key to my ring, I signed the key (not really a good idea, but I want to cover all the common steps) by typing gpg --edit-key "TrueCrypt Foundation"
- It displayed the TrueCrypt key and asked me for a command; I said "sign"
- I confirmed that I wanted to sign the key with my key, and I typed in my passphrase to verify who I was.
- Now that it is signed, I typed "quit" to leave the gpg command line.
- Now that I have my private key, and used it to sign TrueCrypt's public key, I downloaded TrueCrypt and the TrueCrypt .sig file from their website http://www.truecrypt.org/
- I changed the directory to the location I downloaded those files to and typed gpg --verify "TrueCrypt Setup 6.1a.exe.sig" and hit enter, and was told that it was a good signature.
- Voilà! I'm done!
- (If I get enough feedback on security stuff, I'll try and figure out how to sign emails and files so other people can verify things you send them...)
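The hash comparison that HashTab performs in the steps above can also be scripted, which helps when a site publishes a .md5 or .sha1 sidecar file next to a large ISO. The following is an added example, not part of the original show notes: the function names, the sample.iso file and its 11-byte contents are constructed for illustration, and the sidecar line follows the common "HEX *filename" layout.

```python
import hashlib
import hmac
import os
import tempfile

# Hex digest length -> algorithm, so the caller need not say which hash was published.
ALGO_BY_HEXLEN = {32: "md5", 40: "sha1"}

def file_digest(path, algo, chunk_size=1 << 20):
    """Hash the file in 1 MiB chunks so a large ISO is never loaded whole."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_checksum_line(line):
    """Split one sidecar line: 'HEX  name' (text mode) or 'HEX *name' (binary mode)."""
    digest, _, name = line.strip().partition(" ")
    digest = digest.lower()
    if len(digest) not in ALGO_BY_HEXLEN or set(digest) - set("0123456789abcdef"):
        raise ValueError("not an MD5 or SHA-1 hex digest: %r" % line)
    return digest, name.lstrip(" *")

def verify(path, published):
    """Compare a file with a published digest; case and stray whitespace are ignored."""
    published = published.strip().lower()
    algo = ALGO_BY_HEXLEN.get(len(published))
    if algo is None:
        raise ValueError("unsupported digest length: %d" % len(published))
    return hmac.compare_digest(file_digest(path, algo), published)

def demo():
    """Constructed sample: an 11-byte stand-in download and a one-line .md5 sidecar."""
    sidecar = "5EB63BBBE01EEED093CB22BB8F5ACDC3 *sample.iso\n"
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "sample.iso")
        with open(path, "wb") as fh:
            fh.write(b"hello world")
        digest, name = parse_checksum_line(sidecar)
        intact = verify(os.path.join(workdir, name), digest)
        with open(path, "ab") as fh:      # simulate a corrupted or altered download
            fh.write(b"\x00")
        altered = verify(path, digest)
    return intact, altered

if __name__ == "__main__":
    print(demo())
```

A matching hash only shows that the file equals whatever the digest describes; if the digest comes from the same server as the download, it detects corruption but not a replaced file, which is what the signature check is for.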
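gpg --verify reports a good signature for any key in the keyring, so a scripted check should also confirm which key made it. The following added example (not from the original show notes) reads the machine-readable lines GnuPG prints when run with --status-fd and accepts a file only if the one valid signature comes from a pinned fingerprint. The fingerprints, key IDs, user ID and status text are constructed placeholders, and the pinned fingerprint is assumed to have been obtained from the publisher through a separate channel.

```python
# Status keywords that mean the signature must not be accepted.
FATAL = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY"}

# Constructed 40-hex-digit fingerprints (placeholders, not real keys).
PINNED_FPR = "A1B2C3D4E5F60718293A4B5C6D7E8F9011223344"   # the publisher's key
OTHER_FPR = "FFEEDDCCBBAA99887766554433221100FFEEDDCC"    # another key in the keyring

def sample_status(fpr, verdict="GOODSIG"):
    """Build constructed --status-fd output for one signature made by key `fpr`."""
    lines = ["[GNUPG:] %s %s Example Publisher <releases@example.invalid>"
             % (verdict, fpr[-16:])]
    if verdict == "GOODSIG":
        lines.append("[GNUPG:] VALIDSIG %s 2009-01-19 1232323200 0 4 0 1 2 00 %s"
                     % (fpr, fpr))
        lines.append("[GNUPG:] TRUST_UNDEFINED")
    return "\n".join(lines)

def parse_status(text):
    """Yield (keyword, args) for every '[GNUPG:] KEYWORD args...' line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) > 1 and parts[0] == "[GNUPG:]":
            yield parts[1], parts[2:]

def check_signature(status_text, pinned_fpr):
    """Return (accepted, reason) for one verification run."""
    pinned = pinned_fpr.replace(" ", "").upper()
    valid = []
    for keyword, args in parse_status(status_text):
        if keyword in FATAL:
            return False, keyword
        if keyword == "VALIDSIG" and args:
            valid.append(args)
    if len(valid) != 1:
        return False, "expected exactly one VALIDSIG, saw %d" % len(valid)
    # First field is the signing key's fingerprint, last is its primary key's.
    signer, primary = valid[0][0].upper(), valid[0][-1].upper()
    if pinned not in (signer, primary):
        return False, "valid signature, but from unexpected key " + primary
    return True, "VALIDSIG from pinned key"

if __name__ == "__main__":
    for text in (sample_status(PINNED_FPR), sample_status(OTHER_FPR),
                 sample_status(PINNED_FPR, "BADSIG")):
        print(check_signature(text, PINNED_FPR))
```

Pinning the fingerprint this way does not depend on having signed the publisher's key, so the check gives the same answer whether or not the trust warning appears.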
View-Source: Verifying the integrity of instruction we receive
- Why do we verify files we download?
- If the files contain a virus, it could infect our system
- If the file was corrupted, we could waste a good DVD when we burn the ISO
- If the file was from the wrong person, we could be getting an invalid version that doesn't do what we thought it would
- How do we verify the files we download?
- We use our private key to sign the publisher's public key
- We verify the signature file the publisher made with their private key
- According to 1 John 4:1-6, those same steps should be taken in our everyday lives for the instruction we receive (whether that instruction comes from a friend, a stranger, or a pastor)
- Why should we verify the instruction we receive?
- If the instruction is meant for our destruction, it could pull us into sin
- If the instruction was a poor interpretation, we could start heading down the wrong path and waste good opportunities to please God
- If the instruction was from a worldly perspective instead of a Godly one, we could be getting invalid instruction that has nothing to do with how this world was created to work.
- How do we verify the instruction we receive?
- 1 John 3:24 tells us that when we invite Christ into our lives, we are given the Holy Spirit, which is kind of like receiving the public key from God, and signing it with our private key by accepting Christ into our lives.
- Galatians 5:25 tells us that if we live by the Spirit we should keep in step with the Spirit, so we should be comparing the Spirit of God with the spirit of the instruction we are receiving.
- But the person offering the instruction seems really sure of himself!
- 1 Corinthians 2:14 shows us that those without the Spirit won't accept things that come from the Spirit, because they are foolishness to them.
- Proverbs 14:15 tells us that there is a way that seems right to a man, but in the end it leads to death.
- By living a life obedient to God, reading his word prayerfully on a regular basis, and comparing the advice we receive to what God has shown us, we can verify the authenticity of the advice we receive.
- Just because we receive advice from a good friend doesn't mean we should take it.
- Validating how we should behave on Earth by advice from someone other than the Creator is like validating the latest download of the Linux kernel with a Microsoft public key.
- When John was giving his instruction to test the spirits, he wasn't just pointing out friends and co-workers, but also spiritual leaders.
- There is nothing wrong with testing what your pastor claims from the pulpit. Remember, your faith is in Christ not in your pastor.
- I encourage you to take notes during the next Bible study you attend, and start a Bible study at home with friends and family members to verify or correct what you learned, allowing the Holy Spirit to guide you alongside God's word.
- You should also verify the advice you are giving others. Are you signing your advice with your own private key, or are you letting God sign it with His?