Re: [liberationtech] Fwd: [g...@pryzby.org: Ubuntu, Dash, Shuttleworth and privacy]
A small but important point people might have overlooked. An opt-out function for Ubuntu's Dash is less helpful if you're running Ubuntu as a liveboot. If you're running it as a liveboot, you or your startup script will have to disable the Dash leaks each and every time you boot up your computer. It is easy to mistakenly type something sensitive into the Dash before disabling the leaks -- especially when you boot up your live machine three, four times a day across hundreds of days. You're drunk or tired or something -- might sound silly, but that is life -- and you type a passphrase or something else important into the Dash...bad!

The take-away point is that when you take live systems into account, the "well you can just turn it off" argument is weaker.

On 02/22/2013 04:06 PM, Jacob Appelbaum wrote:

Rich Kulawiec:

On Tue, Feb 19, 2013 at 04:53:48AM +, Jacob Appelbaum wrote:

Sounds like someone should upload a package that fixes all of the privacy problems, eh?

I've thought about this for a couple of days and about 20 miles, and although my initial reaction was yes, they should, I'm now going to reverse myself and say well...maybe not. Here's why.

I think the problem here is not susceptible to patching, because the root cause isn't software: it's mindset. The people who think that this is actually a good idea -- and persist in thinking so despite cogent (and in my opinion, highly persuasive) arguments to the contrary -- are unlikely to shift course. The course they've embarked on inevitably leads to more of the same -- oh, with different technical details and levels of impact, of course, but still: more of the same.

I am reminded of one of my favorite quotes:

I could warn you of course, but you would not listen. I could kill you, but someone would take your place. So I do the only thing I can. I go.

I don't think the situation is salvageable; I think the effort that could be put into trying to do so is better spent elsewhere. I think it's time to go.

The Opt-out strategy is useful. The question is - how does it make Ubuntu safer or more privacy preserving?

For example - what if we were able to make a privacy preserving version that was also reasonably secure and everyone was happy? Perhaps one where people might even be able to opt-out of the privacy enhancements?

I'd be fine with such a choice - I don't feel like it is a lost cause either, I think it is, if anything, a lot of work. Who is more likely to experiment in this space? It isn't Apple, it isn't Microsoft, it isn't a lot of Free Software projects; Ubuntu could really improve on their privacy in a way that few others are able to do and in doing so, they'd find a privacy preserving way to make a profit with the consent of those involved.

I think the first step is to design such a thing, encourage people to use it and then to show those who are skeptical that the work is done. Now, if they say no, yes, I agree - time to consider it a lost cause. Such a dialog hasn't happened and as a result, I think it is too early to quit.

All the best,
Jacob

-- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech

-- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Fwd: [g...@pryzby.org: Ubuntu, Dash, Shuttleworth and privacy]
On Tue, Feb 19, 2013 at 04:53:48AM +, Jacob Appelbaum wrote:

Sounds like someone should upload a package that fixes all of the privacy problems, eh?

I've thought about this for a couple of days and about 20 miles, and although my initial reaction was yes, they should, I'm now going to reverse myself and say well...maybe not. Here's why.

I think the problem here is not susceptible to patching, because the root cause isn't software: it's mindset. The people who think that this is actually a good idea -- and persist in thinking so despite cogent (and in my opinion, highly persuasive) arguments to the contrary -- are unlikely to shift course. The course they've embarked on inevitably leads to more of the same -- oh, with different technical details and levels of impact, of course, but still: more of the same.

I am reminded of one of my favorite quotes:

I could warn you of course, but you would not listen. I could kill you, but someone would take your place. So I do the only thing I can. I go.

I don't think the situation is salvageable; I think the effort that could be put into trying to do so is better spent elsewhere. I think it's time to go.

---rsk
Re: [liberationtech] Fwd: [g...@pryzby.org: Ubuntu, Dash, Shuttleworth and privacy]
Rich Kulawiec:

On Tue, Feb 19, 2013 at 04:53:48AM +, Jacob Appelbaum wrote:

Sounds like someone should upload a package that fixes all of the privacy problems, eh?

I've thought about this for a couple of days and about 20 miles, and although my initial reaction was yes, they should, I'm now going to reverse myself and say well...maybe not. Here's why.

I think the problem here is not susceptible to patching, because the root cause isn't software: it's mindset. The people who think that this is actually a good idea -- and persist in thinking so despite cogent (and in my opinion, highly persuasive) arguments to the contrary -- are unlikely to shift course. The course they've embarked on inevitably leads to more of the same -- oh, with different technical details and levels of impact, of course, but still: more of the same.

I am reminded of one of my favorite quotes:

I could warn you of course, but you would not listen. I could kill you, but someone would take your place. So I do the only thing I can. I go.

I don't think the situation is salvageable; I think the effort that could be put into trying to do so is better spent elsewhere. I think it's time to go.

The Opt-out strategy is useful. The question is - how does it make Ubuntu safer or more privacy preserving?

For example - what if we were able to make a privacy preserving version that was also reasonably secure and everyone was happy? Perhaps one where people might even be able to opt-out of the privacy enhancements?

I'd be fine with such a choice - I don't feel like it is a lost cause either, I think it is, if anything, a lot of work. Who is more likely to experiment in this space? It isn't Apple, it isn't Microsoft, it isn't a lot of Free Software projects; Ubuntu could really improve on their privacy in a way that few others are able to do and in doing so, they'd find a privacy preserving way to make a profit with the consent of those involved.

I think the first step is to design such a thing, encourage people to use it and then to show those who are skeptical that the work is done. Now, if they say no, yes, I agree - time to consider it a lost cause. Such a dialog hasn't happened and as a result, I think it is too early to quit.

All the best,
Jacob
Re: [liberationtech] Fwd: [g...@pryzby.org: Ubuntu, Dash, Shuttleworth and privacy]
Micah Lee:

On 02/22/2013 02:06 PM, Jacob Appelbaum wrote:

The Opt-out strategy is useful. The question is - how does it make Ubuntu safer or more privacy preserving?

For example - what if we were able to make a privacy preserving version that was also reasonably secure and everyone was happy? Perhaps one where people might even be able to opt-out of the privacy enhancements?

I'd be fine with such a choice - I don't feel like it is a lost cause either, I think it is, if anything, a lot of work. Who is more likely to experiment in this space? It isn't Apple, it isn't Microsoft, it isn't a lot of Free Software projects; Ubuntu could really improve on their privacy in a way that few others are able to do and in doing so, they'd find a privacy preserving way to make a profit with the consent of those involved.

I think the first step is to design such a thing, encourage people to use it and then to show those who are skeptical that the work is done. Now, if they say no, yes, I agree - time to consider it a lost cause. Such a dialog hasn't happened and as a result, I think it is too early to quit.

All the best,
Jacob

Ubuntu has said that they won't disable online search by default.

Will they ensure it always traverses the network with HTTPS, with SSL certs/CA material pinned? Will they always support connections from the Tor network?

However, they do make it really simple for users to turn it off in the settings, and I believe they're working on making the privacy settings have more options, letting you turn off online search directly from dash (a private mode), and things like that. Seems like a good step forward.

I think it's possible to create the kind of usability they want to create and also protect privacy. They haven't gotten there yet obviously, and so far haven't been responsive to criticism. But I'll still keep an open mind and hope that they eventually come up with something great. Until that happens I'm using Debian.

If we merely wait for them to find solutions in a problem space they hardly understand, they will likely produce an outcome that makes everyone unhappy.

All the best,
Jake
Re: [liberationtech] Fwd: [g...@pryzby.org: Ubuntu, Dash, Shuttleworth and privacy]
On 19/02/13 at 11:48am, Lee Fisher wrote:

I'd suggest one that is fully-controlled by the community, like Debian, or another one of your preference.

Anywhere in the world I won't use Debian, because of the fact that packages shipped are modified and patched a lot. That means other people (packagers) are doing the job of developers, and like all people that don't do their job, sometimes errors happen (do you remember the PRNG?). We (as users) should require vanilla packages, or at least patched with patches from official developers (e.g. we have 1.2.0 bugged, meanwhile 1.2.1 is out we should have 1.2.0 patched).

So, I'd suggest one that is fully-controlled by the community and where each person in the chain has the right job (developers should develop, and packagers should package), like ArchLinux, or another one of your preference.
Re: [liberationtech] Fwd: [g...@pryzby.org: Ubuntu, Dash, Shuttleworth and privacy]
..on Wed, Feb 20, 2013 at 06:17:16PM +0200, Maxim Kammerer wrote:

On Wed, Feb 20, 2013 at 5:49 PM, micah anderson mi...@riseup.net wrote:

Developers never made a mistake leading to a security problem, so Debian's one mistake in 2006 should be forever trotted out as an example of how Debian sucks, good point.

I once needed to patch HTPdate [1], and immediately noticed two possibilities for buffer overflows. Immediately, because they are obvious to anyone who knows C — in line 243:

    if ( recv(server_s, buffer, BUFFERSIZE, 0) != -1 ) {

does not ensure NUL-termination of received input, and in lines 264–265:

    if ( (pdate = strstr(buffer, "Date: ")) != NULL ) {
        strncpy(remote_time, pdate + 11, 24);

necessary size of buffer after Date: is not ensured.

I have sent a patch to the author of HTPdate, and he wrote back that a “Debian security administrator” already went over the code with him line-by-line. So, for the record, there are at least *two* examples why Debian sucks security-wise.

[1] http://www.vervest.org/foswiki/bin/view/HTP/DownloadC

Did you file a bug? It doesn't look like you did. You should do it.

http://www.debian.org/Bugs/

Filing a bug is a standard procedure which is the fastest and most responsible means of getting a patch in and escalated in Debian GNU/Linux.

For all you know the author of HTpdate may not be telling the truth, that s/he didn't contact any 'Debian security administrator' - I've never heard of such a role. Debian packages have /maintainers/ not administrators. You ought to file a bug so it reaches the package maintainer.

Frankly, you will always find exceptions to what is otherwise a highly regarded distribution, highly regarded enough for 70% or so of all other distributions to use it as a base. A great many security conscious organisations run their internet-facing servers on Debian GNU/Linux (Stable).

More so, BackTrack is based on Debian, a distribution used by countless data forensics people, pen-testers and security auditors worldwide. It's fairly widely trusted in the field.

Cheers,

-- Julian Oliver http://julianoliver.com http://criticalengineering.org
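The two issues described in the quoted message above (a recv() result treated as a C string without NUL termination, and a fixed-offset copy after "Date: " without checking how much data follows) can be guarded against as in the sketch below. This is an added example, not HTPdate's code and not the patch mentioned in the thread; the names recv_text, find_bounded and extract_date, the two constants, and the sample responses are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>

#define DATE_OFFSET 11u /* strlen("Date: ") + strlen("Sun, "), the offset in the quoted code */
#define DATE_LEN    24u /* length of e.g. "06 Nov 1994 08:49:37 GMT" */

/* Hypothetical wrapper: receive at most size-1 bytes and always terminate,
 * so later str*() calls cannot run past the end of buf. */
ssize_t recv_text(int fd, char *buf, size_t size)
{
    if (size == 0)
        return -1;
    ssize_t n = recv(fd, buf, size - 1, 0);
    if (n < 0)
        return -1;
    buf[n] = '\0';
    return n;
}

/* Length-bounded search: never reads past hay[hay_len - 1], and unlike
 * strstr() it is not cut short by a NUL byte embedded in the response. */
static const char *find_bounded(const char *hay, size_t hay_len, const char *needle)
{
    size_t n = strlen(needle);
    if (n == 0 || hay_len < n)
        return NULL;
    for (size_t i = 0; i + n <= hay_len; i++)
        if (memcmp(hay + i, needle, n) == 0)
            return hay + i;
    return NULL;
}

/* Copy the 24-byte timestamp into out. Returns 0 on success, -1 if the header
 * is absent, the response ends before the timestamp does, or out is too small. */
int extract_date(const char *rx, size_t rx_len, char *out, size_t out_size)
{
    if (out_size < DATE_LEN + 1)
        return -1;
    const char *p = find_bounded(rx, rx_len, "Date: ");
    if (p == NULL)
        return -1;
    size_t remaining = rx_len - (size_t)(p - rx);
    if (remaining < DATE_OFFSET + DATE_LEN)
        return -1;                /* truncated: a fixed-offset copy would overread */
    memcpy(out, p + DATE_OFFSET, DATE_LEN);
    out[DATE_LEN] = '\0';         /* a 24-byte strncpy() does not terminate by itself */
    return 0;
}

int main(void)
{
    /* Constructed sample responses, not captured traffic. */
    const char full[] = "HTTP/1.1 200 OK\r\nDate: Sun, 06 Nov 1994 08:49:37 GMT\r\n\r\n";
    const char cut[]  = "HTTP/1.1 200 OK\r\nDate: Sun, 06 Nov";
    char when[DATE_LEN + 1];

    if (extract_date(full, sizeof full - 1, when, sizeof when) == 0)
        printf("parsed: %s\n", when);
    if (extract_date(cut, sizeof cut - 1, when, sizeof when) != 0)
        printf("rejected truncated header\n");
    return 0;
}
```

Passing the byte count returned by recv_text() as rx_len keeps the parser independent of where a NUL happens to sit in the buffer.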
Re: [liberationtech] Fwd: [g...@pryzby.org: Ubuntu, Dash, Shuttleworth and privacy]
Maxim Kammerer m...@dee.su writes:

I have sent a patch to the author of HTPdate, and he wrote back that a “Debian security administrator” already went over the code with him line-by-line.

There is no such thing as a Debian security administrator, and HTPdate is not in Debian, so I'm not sure what this is intended to show except that some upstream developer has some security problems in their code and rather than fixing them, said that someone in Debian said they weren't problems?

So, for the record, there are at least *two* examples why Debian sucks security-wise.

I don't understand this, nobody said that Debian has never had security problems, or ever will, nor does your example show how Debian sucks security-wise.

micah
Re: [liberationtech] Fwd: [g...@pryzby.org: Ubuntu, Dash, Shuttleworth and privacy]
Hi,

Julian Oliver wrote (20 Feb 2013 16:27:24 GMT) :

Did you file a bug? It doesn't look like you did. You should do it.

The program Maxim was talking of is not part of Debian.

... and I agree it's totally unclear if that “Debian security administrator” was anything but a random system administrator who happens to use Debian, who cares about security, and who likes creating new honorific titles.

Cheers,

-- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
Re: [liberationtech] Fwd: [g...@pryzby.org: Ubuntu, Dash, Shuttleworth and privacy]
On Wed, Feb 20, 2013 at 6:46 PM, Julian Oliver jul...@julianoliver.com wrote:

Yes, just after sending the email I 'apt-cache search htpdate', returning nothing. It seems Maxim might have confused Debian with another distribution of GNU/Linux.

No, I didn't — I know what Debian is. I remember it not being able to even install properly somewhere in the 90's. I just quoted the developer verbatim, FWIW.

-- Maxim Kammerer Liberté Linux: http://dee.su/liberte
Re: [liberationtech] Fwd: [g...@pryzby.org: Ubuntu, Dash, Shuttleworth and privacy]
danimoth danim...@cryptolab.net writes:

On 20/02/13 at 10:49am, micah anderson wrote:

Developers never made a mistake leading to a security problem, so Debian's one mistake in 2006 should be forever trotted out as an example of how Debian sucks, good point.

Sorry, but this distinction between Developers doesn't make sense, many Debian *Developers* are developers themselves, often upstream to the packages that they are shipping.

They are developers, but not for the project they are maintaining in debian (or not all).

That is not true. There are many 'upstream' developers who are the 'developers' in Debian, in other words they are the ones maintaining their packages in Debian.

My point is that, if there exists a program A, its developers know a lot more than the corresponding debian packager, and they are the only that could patch at least bad. And this principle is shown perfectly for the PRNG example which I cited.

That is why those Debian people who aren't upstream are expected to have a close relationship with upstream. That doesn't always happen of course.

In the PRNG example you cited, since some people can't help but continue to talk about this one security vulnerability from seven years ago (although I've got a few vulnerabilities that were much worse since then, that is if you are interested in seeing past this one: you might be shocked!)... The Debian person who made this mistake actually *did* discuss it on openssl-dev and got a (admittedly weak) go-ahead from an openssl developer (Ulf Möeller).

There were lessons learned from that, mostly about distributions and projects working together or, as in this case, failing to work together, and the openssl team making it more clear how they would like these things to be communicated. This wasn't the first, or last time that security bugs to upstream openssl/openssh were not properly responded to by upstream.

micah
Re: [liberationtech] Fwd: [g...@pryzby.org: Ubuntu, Dash, Shuttleworth and privacy]
Anyway, we are free to choose what fit our requirements.

True. Is there any formal academic research on the topic of distro stability/quality/security, with any listed attributes/requirements?

On one hand, corporate control tends to spyware backdoors. On the other, volunteer control could have other problems, like the Debian OpenSSL port PRNG issue. What are the other main characteristics to look for in a community-controlled distro, for signs of a trustworthy, secure platform?

Going to the other extreme of Debian community size, what about one-person projects? Some of the PET-centric distros are maintained by just a single person. Is that better, or worse? I'd tend to think that a 1 team would be better.

Another factor is security/trust issues from the upstream distro, if any. If The Upstream Vendor (TUV) is a corporate-controlled one, you have to hope that the downstream community-controlled fork is able to identify any corporate-inserted spyware. It also may benefit from their presumed better QA. For example, will Ubuntu Privacy Remix defang this new upstream Dash spyware feature, if UPR is still alive and ever updates to 12.x? Even if TUV is community-based, like many are (Debian, or Gentoo, or Ubuntu), you have to now trust that their code, or that the downstream distro fixes things to your liking.

It would be nice if the EFF or some other org would poll their users, asking them for their favorite distro, and which characteristics caused this choice.

PS: Earlier I implied that Mint is corporate-controlled, but it appears I was wrong, and they appear community-controlled. Sorry, Mint!
Re: [liberationtech] Fwd: [g...@pryzby.org: Ubuntu, Dash, Shuttleworth and privacy]
If this sort of behaviour from Ubuntu continues, what I would suggest is that simply people start recommending other Linux distributions. Personally I'm a big Fedora fan: It has the same level of ease of use and features as Ubuntu and also a nice aesthetic and full SELinux security features across the board. The community is also dedicated. http://fedoraproject.org/

I agree, about switching to another Linux (or BSD) distro. But while Fedora (Ubuntu or [Open]SUSE or Mint, etc.) have a lot of volunteers, the platform is still controlled by a corporation. What makes you think that they aren't already doing this, or won't soon adopt Canonical's model?

You can't trust any single-vendor-controlled operating system. Apple, Microsoft, Canonical, RedHat, Attachmate/Novell, etc. Especially closed source ones, but even open source ones, like Canonical has demonstrated.

I'd suggest one that is fully-controlled by the community, like Debian, or another one of your preference.
[liberationtech] Fwd: [g...@pryzby.org: Ubuntu, Dash, Shuttleworth and privacy]
The short version is that Ubuntu is now pre-compromised. (Or if you prefer Stallman's phrasing, and I agree with him, it's spyware.) And given the appallingly tone-deaf nature of Shuttleworth/Canonical's responses, I very much doubt that this will be the end of it -- that is, I fully expect other privacy/security-adverse changes to be deliberately implemented in future releases/updates/patches.

---rsk

- Forwarded message from greg pryzby g...@pryzby.org -

Date: Mon, 18 Feb 2013 17:07:59 -0500
From: greg pryzby g...@pryzby.org
Subject: [Novalug] Ubuntu, Dash, Shuttleworth and privacy

I am posting because this popped a few times today in my feed and I thought it was important enough to share. Search for details from other sites and read the information from all sources you can, if you are so inclined.

The upshot is all keystrokes in Dash are sent to Canonical and made available to partners as well as Canonical. It is on by default.

Here is the first article I saw today:
http://yro.slashdot.org/story/13/02/18/1652242/mark-shuttleworth-addresses-ubuntu-privacy-issues

This appears to be the reference article:
http://www.muktware.com/5234/mark-shuttleworth-addresses-ubuntu-privacy-issues-it-enough

[snip]

- End forwarded message -
Re: [liberationtech] Fwd: [g...@pryzby.org: Ubuntu, Dash, Shuttleworth and privacy]
Rich Kulawiec:

The short version is that Ubuntu is now pre-compromised. (Or if you prefer Stallman's phrasing, and I agree with him, it's spyware.) And given the appallingly tone-deaf nature of Shuttleworth/Canonical's responses, I very much doubt that this will be the end of it -- that is, I fully expect other privacy/security-adverse changes to be deliberately implemented in future releases/updates/patches.

Sounds like someone should upload a package that fixes all of the privacy problems, eh?

All the best,
Jacob
Re: [liberationtech] Fwd: [g...@pryzby.org: Ubuntu, Dash, Shuttleworth and privacy]
If the Ubuntu team can't be convinced to take a policy standpoint against things like this, then the project suffers from a cancer that runs deep and can't be mitigated with blog posts and patches. Most users won't know they're being tracked like this and won't be the kind of user that looks up blog posts and patches against this sort of tracking. AKA most users fall for this.

If this sort of behaviour from Ubuntu continues, what I would suggest is that simply people start recommending other Linux distributions. Personally I'm a big Fedora fan: It has the same level of ease of use and features as Ubuntu and also a nice aesthetic and full SELinux security features across the board. The community is also dedicated. http://fedoraproject.org/

Seriously though, it's disturbing that even Linux geeks at Canonical can't see how awful those decisions are. Ubuntu is really getting full of itself these days.

NK

On Mon, Feb 18, 2013 at 11:53 PM, Jacob Appelbaum ja...@appelbaum.net wrote:

Rich Kulawiec:

The short version is that Ubuntu is now pre-compromised. (Or if you prefer Stallman's phrasing, and I agree with him, it's spyware.) And given the appallingly tone-deaf nature of Shuttleworth/Canonical's responses, I very much doubt that this will be the end of it -- that is, I fully expect other privacy/security-adverse changes to be deliberately implemented in future releases/updates/patches.

Sounds like someone should upload a package that fixes all of the privacy problems, eh?

All the best,
Jacob