Sorry for the amount of text that follows: MY MONOLOGUE ON FACEBOOK 30.-31.3.2024
Antti-Pekka Känsälä antti.pekka.kans...@iki.fi

If it's not in Debian, but it's because of my activity, I'm somewhat out of ideas. Out of ideas concerning my own data security. In that case, I'd better move on, and focus on something else.

(The problem has persisted for some time. I have quietly assumed my machine has been breached, by legal (not to say legitimate) means (in short, I've been under the "official eye"), that the Debian project has been forced to comply with, or by means that are beyond software. Thus my helplessness continues.)

Frequent reinstallations of the system clearly won't help; I have tried that. Is it possible that I have bogus installation media, and cryptographic verification fails in my case? Just my thoughts.

I think this is the second time I'm in this kind of despair with Debian. However, I know of no other way to use a computer that would come even close in quality for my needs. Thanks.

The GNU/Linux Debian distribution of Linux is the basis for most other distributions. It affects the entire digital world that it works correctly. Their security team, I believe, includes the best. I think they have a public disclosure policy, once they discover a problem. If there is a problem here, I may never even find out where it was, but it will be fixed, by the best. You should use Debian too.

The USB stick problem is not the only symptom. The other is complete lockups, which may well be just because of old hardware. However, if the system is breached, the lockups could be intentional. The problem could be somewhere completely elsewhere from USB sticks; it's just that someone's playing interested in my sticks on a breached system.

Haha... So it's ok, if it's just the corrupted officials monitoring me, so long as the problem is not in Debian, God forbid! It's quite the system. No system limps on quite as well, even when completely breached...

Things sure happen fast, when a computer most likely is breached.
Nearly all of the attack tools targeted at my machine must be fully automated. Not much use being even the best sysadmin on a breached machine; it's people elsewhere who investigate.

Why would Gmail running in Firefox be interested in 128 files on my USB stick, in addition to the 1 that I have just uploaded as an e-mail attachment? Good question. Because they are not, but running Gmail in Firefox reveals something about how the system is compromised.

There was news just today, I think, of a major backdoor problem that was discovered. They suspect it was definitely by a governmental level actor. What is happening on my machine could be a consequence of the backdoor problem, but I'm just one of the God knows how many affected, and my case may or may not be relevant at all to figuring out what else has become corrupted. What is worrisome, however, is that this seems to be happening on several versions of recently, freshly-reinstalled Debian stable. I saw someone writing that "no version of Debian stable is known to be affected", but this could change.

I got some very professional help, quickly, from the debian-user mailing list. Being worried about USB stick security must be well-known. I have been aware of the "lsof" command before, to display open files, and I think I may have even tried it to investigate this problem, but have given up, for the reason that there's not really anything I can do if my activity is just being "legally" monitored by officials.

I'm really annoyed by what I gather, that the Debian project is legally obliged to allow such official monitoring. On the other hand, the situation is no different from phones, which the police (at least) can tap. My understanding is that Debian is close to a system that not even the authorities would be able to monitor, were it not for their "legal" intervention in the system's development.

I do feel a bit digitally raped here. With Windows it would be constantly in bed with Bill Gates? With Apple... Well.
You hear of Windows computers getting slow with age? Well, I got alarmed when on Linux an action started to take two seconds on this old machine! You just kind of have to settle with something that you assume is a noticeable tap on your system, from month to month, by the officials, legally?

The backdoor I mentioned has been fixed now, and possibly did not affect my suspected problem. I have some ideas though, why Gmail "might" be interested in USB sticks... Enough so to break out of Firefox? In that case, what I'm experiencing could just be a minor problem. Maybe just in Firefox, but is it really being exploited by our honest friend Google?!

I have nowhere near complete evidence under which conditions the system can try to steal files off my USB sticks. I just know I can't use USB sticks securely here. To some people, that might sound surprising, if you read what they say about malware, etc., and warn about unknown sticks. But with GNU/Linux Debian there have actually been standards of security; you could actually hope that USB sticks would work for their intended purpose!

If Firefox has a hole, it's going to somewhat limit my browsing experience. Maybe as a workaround, I will try switching to another browser at some point. Firefox just happens to ship as the default.

A fancy file chooser dialogue that stays around analyzing the directory is now suspected. But it could be that someone is interested in what kind of binaries people try to e-mail to somewhere from their USB sticks (!)

(The backdoor discovery I mentioned yesterday is a nice example of how things work in the open source community. The problem was admitted, discussed openly, and fixed the same day. Regarding Debian, it only affected developmental versions, not the stable distribution I'm using. I read some SSH tools were compromised; if they had been used by early-adopter developers throughout the world, a huge number of systems could still be corrupted all around the world.
Even though the root of the problem was fixed in less than a day, after it was brilliantly discovered by noting that a particular infected program ran a bit slower than it should have!)

If you got interested in my suspected problem, the technical discussion is here:
https://lists.debian.org/debian-user/2024/03/msg00721.html
Debian 12.5 up-to-date Xfce, Firefox clings to USB stick

I'm not sure if I should even bother reporting this to Mozilla, since their page hardly even has a simple feature to report problems! To contribute to data security responsibly, I think I am going to need to push this all the way through, until I get an answer, or see the problem fixed. The problem could be local to Debian, so I think I'll "stick" to that for now.

I just used the Debian "reportbug" tool for the first time in my life, on the package "firefox-esr". It would be a way to begin contributing, to report *everything* I notice.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068122

Who knows, I may have "hit jackpot"!

Now that I think of it, I'm no longer sure how I mounted the stick in the first place. Did I double click the icon, opening a window manager window that promptly began analyzing the directory in the background? Is it just that? Previews of files were still being computed when I was already done with Gmail, and tried to unmount?

No... I think this is related to someone being interested in me apparently planning on using Gmail to send encrypted data. They may have a right to be interested. But not by compromising my Debian!

I don't always see this kind of behavior, with the same stick, even if I quickly plug it in to retrieve a single file. I don't know where the previews are stored; not on the stick, I think. I mean, it took a minute or so before unmounting cleanly, and 129 files on the stick really were open by the browser.
If I copy a single file out of a stick, and it is done, then the expected behavior is that the stick can be unmounted. If it's a storage device, not an espionage device. And, I've noticed manual mounting in the terminal, copying the file to disk, then unmounting in the terminal (as root, I know) also does "resolve" the clinging problem.

What is supposed to be the problem with using "su" in a terminal, nobody has bothered to explain to me? Is my system compromised in some completely different way, because of me using "su"? I think "sudo" has finer-grained control over subprocesses being granted root privileges? If you assume programs are full of undiscovered root exploits, then using "sudo" could be safer, privileges would not escalate? Well, starting from my next reinstall it will be "sudo" then.

Debian 12.5, hostname "renaissance". uname -a follows:
Linux renaissance 6.1.0-18-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.76-1 (2024-02-01) x86_64 GNU/Linux

"su" is shorter than "sudo".

Maybe this monologue would all have belonged to one of the Debian IRC channels. I've had difficulty working with colleagues in computer science since around who knows when.

I believe what I'm doing here is doing my share in "digital forensics". Obviously I cannot communicate securely with anybody using this computer for now. I'll have to wait for an update to Debian, and do a full reinstall again. Time to start thinking of a good hostname, a pleasure.