* [dm-crypt] verity for GRUB?
@ 2012-10-09  4:36 Geoffrey Thomas
  2012-10-09  6:27 ` ffrizzy
  2012-10-10 13:00 ` [dm-crypt] verity for GRUB? Mikulas Patocka
  0 siblings, 2 replies; 15+ messages in thread
From: Geoffrey Thomas @ 2012-10-09  4:36 UTC (permalink / raw)
  To: mpatocka@redhat.com
  Cc: dm-crypt@saout.de, msb@chromium.org, ellyjones@chromium.org,
	wad@chromium.org, agk@redhat.com

Hi Mikulas et al.,

I'm planning on porting verity to GRUB for validation of a disk image before loading further GRUB configuration / a kernel from it (specifically as part of Secure Boot support for my company's product, MokaFive BareMetal). Before doing this, though, I wanted to check if you knew of any existing effort along these lines.

If not, are you willing to relicense dm-verity.c and/or libverity as GPLv2+ instead of just GPLv2, so that I can just use that code with GRUB (GPLv3+) instead of reimplementing it?

Thanks,
-- 
Geoffrey Thomas
gthomas@mokafive.com


* Re: [dm-crypt] verity for GRUB?
  2012-10-09  4:36 [dm-crypt] verity for GRUB? Geoffrey Thomas
@ 2012-10-09  6:27 ` ffrizzy
  2012-10-09  8:16   ` [dm-crypt] Unsubscribe requests Arno Wagner
  2012-10-10 13:00 ` [dm-crypt] verity for GRUB? Mikulas Patocka
  1 sibling, 1 reply; 15+ messages in thread
From: ffrizzy @ 2012-10-09  6:27 UTC (permalink / raw)
  To: Geoffrey Thomas
  Cc: wad@chromium.org, dm-crypt@saout.de, msb@chromium.org,
	ellyjones@chromium.org, mpatocka@redhat.com, agk@redhat.com

GET ME OUT FROM YOUR LISTS!!
STOP SENDING ME YOUR MAILS
I HAVE NEVER SUBSCRIBED TO YOUR CORRESPONDENCE
UNSUBSCRIBE ME



* Re: [dm-crypt] Unsubscribe requests
  2012-10-09  6:27 ` ffrizzy
@ 2012-10-09  8:16   ` Arno Wagner
  2012-10-09  8:45     ` ffrizzy
  0 siblings, 1 reply; 15+ messages in thread
From: Arno Wagner @ 2012-10-09  8:16 UTC (permalink / raw)
  To: dm-crypt

Why are you so impolite? CC'ing all those people is just 
plain rude. This is a quiet and friendly list.

Now, if you are subscribed to the list, you or somebody with 
access to your email account confirmed that you wanted to be 
subscribed after an email asking you was sent to you (unless 
somebody has hacked the listserver, rather unlikely).

We cannot take you off the list. That requires access to your
email account, and hence you have to do that yourself, using 
the same mechanism used to subscribe. Instructions were in 
the email you got upon subscribing. You can also get help from 
the listserver, as described in Section 1.6 of the cryptsetup 
FAQ here:

http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions

In addition, if you are sure you did not subscribe by
accident, you should make sure your machine and email 
account have not been hacked. It sounds like they have 
been.

Arno





-- 
Arno Wagner,    Dr. sc. techn., Dipl. Inform.,   Email: arno@wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
One of the painful things about our time is that those who feel certainty 
are stupid, and those with any imagination and understanding are filled 
with doubt and indecision. -- Bertrand Russell 


* Re: [dm-crypt] Unsubscribe requests
  2012-10-09  8:16   ` [dm-crypt] Unsubscribe requests Arno Wagner
@ 2012-10-09  8:45     ` ffrizzy
  2012-10-09  8:49       ` Ralf Ramsauer
  0 siblings, 1 reply; 15+ messages in thread
From: ffrizzy @ 2012-10-09  8:45 UTC (permalink / raw)
  To: dm-crypt

I am sorry - but I never subscribed
the same way that I have no access to unsubscribe
and your FAQ is too complicated for me and I can't understand it or work with
it
That's not the level of a person who simply sends mails and doesn't have
a professional background in computers
SO:
Please delete me from your system
Thanks


* Re: [dm-crypt] Unsubscribe requests
  2012-10-09  8:45     ` ffrizzy
@ 2012-10-09  8:49       ` Ralf Ramsauer
  0 siblings, 0 replies; 15+ messages in thread
From: Ralf Ramsauer @ 2012-10-09  8:49 UTC (permalink / raw)
  To: dm-crypt

Write an empty mail to
dm-crypt-unsubscribe@saout.de

Best Regards,

Ralf


* Re: [dm-crypt] verity for GRUB?
  2012-10-09  4:36 [dm-crypt] verity for GRUB? Geoffrey Thomas
  2012-10-09  6:27 ` ffrizzy
@ 2012-10-10 13:00 ` Mikulas Patocka
  2012-10-10 20:51   ` Geoffrey Thomas
  1 sibling, 1 reply; 15+ messages in thread
From: Mikulas Patocka @ 2012-10-10 13:00 UTC (permalink / raw)
  To: Geoffrey Thomas
  Cc: dm-crypt@saout.de, msb@chromium.org, ellyjones@chromium.org,
	wad@chromium.org, agk@redhat.com



On Mon, 8 Oct 2012, Geoffrey Thomas wrote:

> Hi Mikulas et al.,
> 
> I'm planning on porting verity to GRUB for validation of a disk image 
> before loading further GRUB configuration / a kernel from it 
> (specifically as part of Secure Boot support for my company's product, 
> MokaFive BareMetal). Before doing this, though, I wanted to check if you 
> knew of any existing effort along these lines.
> 
> If not, are you willing to relicense dm-verity.c and/or libverity as 
> GPLv2+ instead of just GPLv2, so that I can just use that code with GRUB 
> (GPLv3+) instead of reimplementing it?

Ask Red Hat and Google if they want to relicense it.

Mikulas

> Thanks,
> -- 
> Geoffrey Thomas
> gthomas@mokafive.com


* Re: [dm-crypt] verity for GRUB?
  2012-10-10 13:00 ` [dm-crypt] verity for GRUB? Mikulas Patocka
@ 2012-10-10 20:51   ` Geoffrey Thomas
  2012-10-10 21:20     ` Milan Broz
  0 siblings, 1 reply; 15+ messages in thread
From: Geoffrey Thomas @ 2012-10-10 20:51 UTC (permalink / raw)
  To: Mikulas Patocka
  Cc: dm-crypt@saout.de, msb@chromium.org, ellyjones@chromium.org,
	wad@chromium.org, agk@redhat.com

On Wed, 10 Oct 2012, Mikulas Patocka wrote:

>> If not, are you willing to relicense dm-verity.c and/or libverity as
>> GPLv2+ instead of just GPLv2, so that I can just use that code with GRUB
>> (GPLv3+) instead of reimplementing it?
>
> Ask Red Hat and Google if they want to relicense it.

Thanks. Do you know who the appropriate contacts at Red Hat would be?

-- 
Geoffrey Thomas
gthomas@mokafive.com


* Re: [dm-crypt] verity for GRUB?
  2012-10-10 20:51   ` Geoffrey Thomas
@ 2012-10-10 21:20     ` Milan Broz
  2012-10-10 21:23       ` Milan Broz
  2012-10-10 21:43       ` Geoffrey Thomas
  0 siblings, 2 replies; 15+ messages in thread
From: Milan Broz @ 2012-10-10 21:20 UTC (permalink / raw)
  To: Geoffrey Thomas
  Cc: wad@chromium.org, dm-crypt@saout.de, msb@chromium.org,
	ellyjones@chromium.org, Mikulas Patocka, agk@redhat.com

On 10/10/2012 10:51 PM, Geoffrey Thomas wrote:
> On Wed, 10 Oct 2012, Mikulas Patocka wrote:
> 
>>> If not, are you willing to relicense dm-verity.c and/or libverity as
>>> GPLv2+ instead of just GPLv2, so that I can just use that code with GRUB
>>> (GPLv3+) instead of reimplementing it?
>>
>> Ask Red Hat and Google if they want to relicense it.

Is there anything from libcryptsetup you want to use, or is it just about
kernel code?

If you want to use code from cryptsetup (cryptsetup/lib/verity/*), what exactly
do you need and which licence is OK for you (GPL2+ or LGPL)?
(GPL3 will be incompatible with other cryptsetup code.)

Milan


* Re: [dm-crypt] verity for GRUB?
  2012-10-10 21:20     ` Milan Broz
@ 2012-10-10 21:23       ` Milan Broz
  2012-10-10 21:43       ` Geoffrey Thomas
  1 sibling, 0 replies; 15+ messages in thread
From: Milan Broz @ 2012-10-10 21:23 UTC (permalink / raw)
  To: Geoffrey Thomas
  Cc: wad@chromium.org, dm-crypt@saout.de, msb@chromium.org,
	ellyjones@chromium.org, Mikulas Patocka, agk@redhat.com

Sigh. Obviously I wanted to send this from RH email, sorry :)


* Re: [dm-crypt] verity for GRUB?
  2012-10-10 21:20     ` Milan Broz
  2012-10-10 21:23       ` Milan Broz
@ 2012-10-10 21:43       ` Geoffrey Thomas
  2012-10-10 21:55         ` Milan Broz
  1 sibling, 1 reply; 15+ messages in thread
From: Geoffrey Thomas @ 2012-10-10 21:43 UTC (permalink / raw)
  To: Milan Broz
  Cc: wad@chromium.org, dm-crypt@saout.de, msb@chromium.org,
	ellyjones@chromium.org, Mikulas Patocka, agk@redhat.com

On Wed, 10 Oct 2012, Milan Broz wrote:

> Is there anything from libcryptsetup you want to use, or is it just about
> kernel code?
>
> If you want to use code from cryptsetup (cryptsetup/lib/verity/*), what exactly
> do you need and which licence is OK for you (GPL2+ or LGPL)?
> (GPL3 will be incompatible with other cryptsetup code.)

Hm. I _thought_ I could adapt lib/verity/verity_hash.c for what I need, 
but it appears to only support a whole-disk verification, not verification 
of individual blocks. That said, if you're willing to take patches to 
extend libverity's API, I can add the functionality I need. I believe that 
GPLv2+ should work fine for GRUB.

I'm talking with Mikulas about whether the kernel code can be relicensed, 
since that is closer to what I'm trying to do.

-- 
Geoffrey Thomas
gthomas@mokafive.com


* Re: [dm-crypt] verity for GRUB?
  2012-10-10 21:43       ` Geoffrey Thomas
@ 2012-10-10 21:55         ` Milan Broz
  2012-10-10 22:04           ` Geoffrey Thomas
  0 siblings, 1 reply; 15+ messages in thread
From: Milan Broz @ 2012-10-10 21:55 UTC (permalink / raw)
  To: Geoffrey Thomas
  Cc: wad@chromium.org, dm-crypt@saout.de, msb@chromium.org,
	ellyjones@chromium.org, Mikulas Patocka, agk@redhat.com

On 10/10/2012 11:43 PM, Geoffrey Thomas wrote:
> On Wed, 10 Oct 2012, Milan Broz wrote:
> 
>> Is there anything from libcryptsetup you want to use, or is it just about
>> kernel code?
>>
>> If you want to use code from cryptsetup (cryptsetup/lib/verity/*), what exactly
>> do you need and which licence is OK for you (GPL2+ or LGPL)?
>> (GPL3 will be incompatible with other cryptsetup code.)
> 
> Hm. I _thought_ I could adapt lib/verity/verity_hash.c for what I need, 
> but it appears to only support a whole-disk verification, not verification 
> of individual blocks.

Well, yes, because cryptsetup does not need that.

Also it uses crypto backend wrappers, so I am afraid you cannot just take
this library without a lot of changes....

> That said, if you're willing to take patches to 
> extend libverity's API, I can add the functionality I need. I believe that 
> GPLv2+ should work fine for GRUB.

I see no major problem with relicensing (but need to check properly).
If it helps to use it more broadly, it would be nice (with available
source code for everyone).

If you have any patches, just send them (to the list, or create a new issue
on the project page).

What is not clear here (not related to the problems above) is where
you want to store the root hash and how grub2 will securely obtain it...

Thanks,
Milan


* Re: [dm-crypt] verity for GRUB?
  2012-10-10 21:55         ` Milan Broz
@ 2012-10-10 22:04           ` Geoffrey Thomas
  2012-10-11  5:10             ` Arno Wagner
  0 siblings, 1 reply; 15+ messages in thread
From: Geoffrey Thomas @ 2012-10-10 22:04 UTC (permalink / raw)
  To: Milan Broz; +Cc: dm-crypt@saout.de

[trimmed Ccs]

On Wed, 10 Oct 2012, Milan Broz wrote:

> I see no major problem with relicensing (but need to check properly).
> If it helps to use it more broadly, it would be nice (with available
> source code for everyone).

Yeah, if you're planning on looking into relicensing, I'd encourage you to 
make as much of cryptsetup as you can GPLv2+ instead of GPLv2, so that the 
code is more reusable in other projects, even if it ends up not being 
relevant for my specific use case.

> What is not clear here (not related to the problems above) is where
> you want to store the root hash and how grub2 will securely obtain it...

I've raised this on the GRUB list:

http://thread.gmane.org/gmane.comp.boot-loaders.grub.devel/19404

Basically my plan is to add another GRUB command to verify a signed file 
and load configuration or variables from it (or parse it with the Lua 
grub-extra, which we're already using), and then build a top-level 
grub.efi with our certificate embedded. So our build server would do 
something like `veritysetup format image.iso image.iso.verity | sed ... | 
gpg --clearsign > image.iso.root-hash` after creating the ISO, and ship 
all three files when doing an update.

Which reminds me to thank you for the "veritysetup support for files" 
patch -- in some testing by hand, it works pretty well.

-- 
Geoffrey Thomas
gthomas@mokafive.com
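
The per-block verification Geoffrey says lib/verity/verity_hash.c lacks, and the reason the root hash has to reach GRUB through a signed file, sketched as an added example (not code from this thread, cryptsetup or the kernel). The block size, salted SHA-256, in-memory tree layout and every function name are assumptions of this simplified model rather than the dm-verity on-disk format, and the root hash and block count are assumed to have already passed the signature check.

```python
import hashlib
import hmac

BLOCK = 4096                # data and hash block size in bytes (assumed)
DIGEST = 32                 # SHA-256 output size
FANOUT = BLOCK // DIGEST    # digests per hash block (128)


def h(salt: bytes, data: bytes) -> bytes:
    """Salted SHA-256 of one block."""
    return hashlib.sha256(salt + data).digest()


def tree_depth(n_blocks: int) -> int:
    """Number of hash-tree levels implied by the (authenticated) image size."""
    depth = 1
    while n_blocks > FANOUT:
        n_blocks = -(-n_blocks // FANOUT)   # ceiling division
        depth += 1
    return depth


def _pack(digests):
    """Pack digests into zero-padded hash blocks, FANOUT digests per block."""
    return [b"".join(digests[i:i + FANOUT]).ljust(BLOCK, b"\0")
            for i in range(0, len(digests), FANOUT)]


def build_tree(image: bytes, salt: bytes):
    """Build-server side: return (levels, root_hash).

    levels[0] holds the digests of the data blocks, levels[k+1] the digests
    of the hash blocks in levels[k]. The root hash is the digest of the
    single top-level hash block and is the only value that must be signed.
    """
    if not image or len(image) % BLOCK:
        raise ValueError("image must be a non-empty multiple of BLOCK bytes")
    nodes = [image[i:i + BLOCK] for i in range(0, len(image), BLOCK)]
    levels = []
    while True:
        level = _pack([h(salt, n) for n in nodes])
        levels.append(level)
        if len(level) == 1:
            return levels, h(salt, level[0])
        nodes = level


def verify_block(data_block, index, n_blocks, levels, salt, trusted_root):
    """Boot-loader side: check ONE data block against the trusted root hash.

    Reads the data block plus one hash block per level, never the rest of
    the image. `levels` is untrusted storage; `n_blocks` and `trusted_root`
    are assumed to come from the signature-checked file.
    """
    if not 0 <= index < n_blocks or len(data_block) != BLOCK:
        return False
    # Pin the depth to the signed size, otherwise a hash block could be
    # presented as a "data block" together with a truncated tree.
    if len(levels) != tree_depth(n_blocks):
        return False
    digest = h(salt, data_block)
    for level in levels:
        slot, offset = divmod(index, FANOUT)
        if slot >= len(level):
            return False
        stored = level[slot][offset * DIGEST:(offset + 1) * DIGEST]
        if not hmac.compare_digest(stored, digest):
            return False                # data block or tree node was modified
        digest = h(salt, level[slot])   # climb one level
        index = slot
    return hmac.compare_digest(digest, trusted_root)


def make_image(n_blocks: int) -> bytes:
    """Constructed sample image: block i is its own index repeated."""
    return b"".join(i.to_bytes(4, "big") * (BLOCK // 4) for i in range(n_blocks))


def block_at(image: bytes, index: int) -> bytes:
    return image[index * BLOCK:(index + 1) * BLOCK]


if __name__ == "__main__":
    salt = b"constructed-salt"
    image = make_image(200)             # 200 blocks give a two-level tree
    levels, root = build_tree(image, salt)
    print("root hash:", root.hex())
    print("block 150 ok:",
          verify_block(block_at(image, 150), 150, 200, levels, salt, root))
    # Rebuilding the whole tree over a modified image does not help an
    # attacker: the rebuilt tree no longer leads to the signed root hash.
    evil = bytearray(image)
    evil[150 * BLOCK] ^= 1
    evil_levels, _ = build_tree(bytes(evil), salt)
    print("tampered block accepted:",
          verify_block(block_at(bytes(evil), 150), 150, 200, evil_levels, salt, root))
```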


* Re: [dm-crypt] verity for GRUB?
  2012-10-10 22:04           ` Geoffrey Thomas
@ 2012-10-11  5:10             ` Arno Wagner
  2012-10-11  7:23               ` [dm-crypt] license of libcryptsetup (was: verity for GRUB?) Milan Broz
  0 siblings, 1 reply; 15+ messages in thread
From: Arno Wagner @ 2012-10-11  5:10 UTC (permalink / raw)
  To: dm-crypt

On Wed, Oct 10, 2012 at 03:04:49PM -0700, Geoffrey Thomas wrote:
> Yeah, if you're planning on looking into relicensing, I'd encourage
> you to make as much of cryptsetup as you can GPLv2+ instead of
> GPLv2, so that the code is more reusable in other projects, even if
> it ends up not being relevant for my specific use case.

Quick question: What is the GPLv2+? I am unable to find any formal
references or comparisons, just GPLv2. Pointers appreciated.

Arno
-- 
Arno Wagner,    Dr. sc. techn., Dipl. Inform.,   Email: arno@wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
One of the painful things about our time is that those who feel certainty 
are stupid, and those with any imagination and understanding are filled 
with doubt and indecision. -- Bertrand Russell 


* Re: [dm-crypt] license of libcryptsetup (was: verity for GRUB?)
  2012-10-11  5:10             ` Arno Wagner
@ 2012-10-11  7:23               ` Milan Broz
  2012-10-11  9:21                 ` Arno Wagner
  0 siblings, 1 reply; 15+ messages in thread
From: Milan Broz @ 2012-10-11  7:23 UTC (permalink / raw)
  To: dm-crypt

On 10/11/2012 07:10 AM, Arno Wagner wrote:
> On Wed, Oct 10, 2012 at 03:04:49PM -0700, Geoffrey Thomas wrote:
>> Yeah, if you're planning on looking into relicensing, I'd encourage
>> you to make as much of cryptsetup as you can GPLv2+ instead of
>> GPLv2, so that the code is more reusable in other projects, even if
>> it ends up not being relevant for my specific use case.
> 
> Quick question: What is the GPLv2+? I am unable to find any formal
> references or comparisons, just GPLv2. Pointers appreciated.

A nice list is here:
http://en.wikipedia.org/wiki/List_of_FSF_approved_software_licenses
http://www.gnu.org/licenses/gpl-faq.html

Basically, it is a shortcut:
GPLvX means GPL version X only, GPLvX+ "... or any later".

And why is there resistance to GPLvX+? Well, "or any later" means
any later. Who knows what is in the not yet written GPLv(X+y)? :-)
(And v3 has its own problems as well.)

The basic problem is in the compatibility matrix, mainly with GPLv3 vs GPLv2,
which are not compatible, see http://gplv3.fsf.org/dd3-faq

Because of repeating questions and problems, I would really like to switch
libcryptsetup (IOW the cryptsetup library, not the binary itself)
to something less restricted (currently most of the code is GPLv2 only).
Perhaps LGPLv2+. But it requires approval from all authors.
(I will perhaps try to get these, otherwise I switch just the verity part...)

(TBH, I would myself prefer any new crypto code under even less restricted
licenses like BSD or MIT licence. But cryptsetup already depends on other
GPL libraries, so not sure if it makes sense.
Anyway, if anyone has a better idea or any notes here, please let me know.
Now is the best time to complain ;-)

Thanks,
Milan


* Re: [dm-crypt] license of libcryptsetup (was: verity for GRUB?)
  2012-10-11  7:23               ` [dm-crypt] license of libcryptsetup (was: verity for GRUB?) Milan Broz
@ 2012-10-11  9:21                 ` Arno Wagner
  0 siblings, 0 replies; 15+ messages in thread
From: Arno Wagner @ 2012-10-11  9:21 UTC (permalink / raw)
  To: dm-crypt

On Thu, Oct 11, 2012 at 09:23:03AM +0200, Milan Broz wrote:
> On 10/11/2012 07:10 AM, Arno Wagner wrote:
> > On Wed, Oct 10, 2012 at 03:04:49PM -0700, Geoffrey Thomas wrote:
> >> Yeah, if you're planning on looking into relicensing, I'd encourage
> >> you to make as much of cryptsetup as you can GPLv2+ instead of
> >> GPLv2, so that the code is more reusable in other projects, even if
> >> it ends up not being relevant for my specific use case.
> > 
> > Quick question: What is the GPLv2+? I am unable to find any formal
> > references or comparisons, just GPLv2. Pointers appreciated.
> 
> A nice list is here:
> http://en.wikipedia.org/wiki/List_of_FSF_approved_software_licenses
> http://www.gnu.org/licenses/gpl-faq.html
> 
> Basically, it is a shortcut:
> GPLvX means GPL version X only, GPLvX+ "... or any later".

I see. Logical. Must be the cold I have at the moment clogging 
up my synapses ;-)

Thanks!
 
> And why is there resistance to GPLvX+? Well, "or any later" means
> any later. Who knows what is in the not yet written GPLv(X+y)? :-)
> (And v3 has its own problems as well.)

It does indeed. 

> The basic problem is in the compatibility matrix, mainly with GPLv3 vs GPLv2,
> which are not compatible, see http://gplv3.fsf.org/dd3-faq
> 
> Because of repeating questions and problems, I would really like to switch
> libcryptsetup (IOW the cryptsetup library, not the binary itself)
> to something less restricted (currently most of the code is GPLv2 only).
> Perhaps LGPLv2+. But it requires approval from all authors.
> (I will perhaps try to get these, otherwise I switch just the verity part...)
> 
> (TBH, I would myself prefer any new crypto code under even less restricted
> licenses like BSD or MIT licence. But cryptsetup already depends on other
> GPL libraries, so not sure if it makes sense.

I don't want my stuff under modified BSD or MIT by default. While 
it does cause problems, I think the GPL-idea still serves a purpose. 

I can live with LGPLv2.1+ (seems to be the most compatible one)
for any code I contribute. For documentation, completely free
for small things and CC "Attribution-Share Alike 3.0 Unported" 
(as I use in the FAQ) for larger things would be my choice, but
anything reasonably similar is fine. 
 
I am willing to do a "modified BSD" code-fork for a specific purpose 
(if somebody asks and has a good reason). I have done that in the past 
for some research code, i.e. public GPL code and special BSD release 
for an industry partner. There, I put a note in the BSD license statement
that a GPL version was also available and a pointer to it (in these 
cases my long-term email). As BSD requires the license statement to
be left intact, that at least makes hiding the original code difficult 
and allows people to find it if they are interested.

I know that legally this is a minefield if many people contribute,
but maybe it could work?

> Anyway, if anyone has a better idea or any notes here, please let me know.
> Now is the best time to complain ;-)

;-)

Arno

-- 
Arno Wagner,    Dr. sc. techn., Dipl. Inform.,   Email: arno@wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
One of the painful things about our time is that those who feel certainty 
are stupid, and those with any imagination and understanding are filled 
with doubt and indecision. -- Bertrand Russell 
