Re: [pfSense] naive suggestion: conform to US laws

[Alex DiMarco]

>
>
>> Interesting time that was, no particular hate though for that period..
> Now the 80's on the other hand :*)
>
>
> It was only the music that sucked in the 80s… Oh, and the clothing / hair
> styles, and the politics, and …  :-)
>

I do have a soft spot for the music

>
> So what excuse do I have, given that I was stone sober?   (In France at
> the time, but still… sober.)
>
> Jim
>
>
being passionate applies - just as intoxicating 8)
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] naive suggestion: conform to US laws

[Stefan Baur]

Am 15.10.2013 16:15, schrieb Jim Thompson:
So what excuse do I have, given that I was stone sober? (In France at 
the time, but still… sober.)


Maybe you were immersed long enough to assimilate the French attitude?
(Think "French Soldier" in "Monty Python and the Holy Grail" - 
http://www.imdb.com/title/tt0071853/quotes)


*grinning, running and ducking*

SCNR,
Stefan
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] naive suggestion: conform to US laws

[Jim Thompson]

On Oct 15, 2013, at 8:53 AM, Alex DiMarco  wrote:

> 
> On Tue, Oct 15, 2013 at 8:20 AM, Robert Skinner  
> wrote:
> You would have hated the 90s then.
> 
> Interesting time that was, no particular hate though for that period.. 
> Now the 80's on the other hand :*) 

It was only the music that sucked in the 80s… Oh, and the clothing / hair 
styles, and the politics, and …  :-)
> Though annoying at times, these displays on mailing lists have also sparked 
> some great technology projects too. Those around in the early BSD days recall 
> such episodes. Not that I am promoting or encouraging such behavior.
> 
> There is no doubt great technology has emerged from conflict; verbal and 
> otherwise.
>  
> I think I may be an optimist with a belief that if we choose to interpret 
> intentions in a positive way even when they are communicated otherwise, we 
> can potentially do even greater things... maybe I am choosing to be naive...  
> but then, that is the title of this thread
> You will always have “that guy”, at a bar now and then, but as long as it’s 
> not a bar full of that personality.
> 
> I think unfortunately all of us have had the privilege of being "that guy" at 
> the bar - I know I have a few times even without the Guinness or Scotch 
> flowing  8*]

So what excuse do I have, given that I was stone sober?   (In France at the 
time, but still… sober.)

Jim


___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] naive suggestion: conform to US laws

[Alex DiMarco]

On Tue, Oct 15, 2013 at 8:20 AM, Robert Skinner wrote:

> You would have hated the 90s then.
>
Interesting time that was, no particular hate though for that period..
Now the 80's on the other hand :*)

> Though annoying at times, these displays on mailing lists have also
> sparked some great technology projects too. Those around in the early BSD
> days recall such episodes. Not that I am promoting or encouraging such
> behavior.
>
There is no doubt great technology has emerged from conflict; verbal and
otherwise.

I think I may be an optimist with a belief that if we choose to interpret
intentions in a positive way even when they are communicated otherwise, we
can potentially do even greater things... maybe I am choosing to be
naive...  but then, that is the title of this thread

> You will always have “that guy”, at a bar now and then, but as long as
> it’s not a bar full of that personality.
>
I think unfortunately all of us have had the privilege of being "that guy"
at the bar - I know I have a few times even without the Guinness or Scotch
flowing  8*]
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] naive suggestion: conform to US laws

[Robert Skinner]

You would have hated the 90s then. Though annoying at times, these displays
on mailing lists have also sparked some great technology projects too.
Those around in the early BSD days recall such episodes. Not that I am
promoting or encouraging such behavior. You will always have “that guy”, at
a bar now and then, but as long as it’s not a bar full of that personality.



On Sun, Oct 13, 2013 at 11:51 AM, Alex DiMarco  wrote:

> I have been following this discussion since the start and I have to say
> that it has been very informative (mostly from a social perspective), but I
> have been disappointed with the, um, vigorous responses from all sides.
>
> The original post was somewhat blunt and probably could be labeled as
> insensitive, and it could have been written with much better social decorum
> (and for this an apology would be in order). Unfortunately the communal
> response with some exceptions (thank you Chris) was equally missing in
> generosity, sensitivity and decorum.
>
> I suspect all of us are familiar with the realization that email can be
> interpreted in the most unflattering ways despite the best of intentions...
> and assuming TROLL intentions in this case I see as somewhat ungenerous.
>
> Maybe this could be a good reminder to us all as to how even the best of
> projects and lists are susceptible to issues of email misunderstanding and
> how important great efforts of respect and decorum on all sides is
> necessary.
>
> This article (although old) is a good reminder of how problematic this
> issue is...
> http://www.wired.com/science/discoveries/news/2006/02/70179
>
>
> Sincerely
>
> Alex
>
>
> --
> Alex DiMarco
> 
> www.cdf.toronto.edu
> Bahen Centre
> 40 St. George Street, Room 3224
> Toronto, Ontario
> M5S 2E4
> 416-946-8862
>
>  * For immediate assistance to share your desktop:
>  Download TeamViewer for 
> Windows
>  Download Teamviewer for 
> Mac
>
>
>
> On Sat, Oct 12, 2013 at 8:55 PM, Paul Mather wrote:
>
>> On Oct 12, 2013, at 11:23 AM, Oliver Hansen 
>> wrote:
>>
>> On Sat, Oct 12, 2013 at 4:10 AM, Thinker Rix wrote:
>>
>>> On 2013-10-09 19:38, Jim Thompson wrote:
>>>
 So asking the question is stupid

>>>
>>> On 2013-10-09 19:50, Jim Thompson wrote:
>>>
 IMO, this bullshit thread only serves to assist those asking the
 question in stroking their own ego.

>>>
>>> On 2013-10-12 01:40, Jim Thompson wrote:
>>>
 Otherwise: get off my lawn.
 I'm not willing to endure this uninformed Alex Jonesian crapfest.
 Now that I'm back on US soil, I promise that if the later continues, I
 will kill the thread. People who hijack threads will be dealt with.
 Otherwise: STFU.

 Nor will I endure the besmirching of pfSense's good name and trademark.

>>>
>>> The only one who is besmirching pfSense here is: you - given that as a
>>> co-owner of ESF you are an official representative of pfSense - and your
>>> official communication unfortunately shows that you are a vulgarian,
>>> plebeian, obscene, scurrilous goon, who insults, threatens, bullys, censors
>>> and muzzles other community members, totally lacking control of himself and
>>> any professional business manners whatsoever, let alone any constructive
>>> discussion culture.
>>>
>>> To me it feels highly awkward and it is unsettling me a lot, that such
>>> an ill-mannered, shady and dubious roughneck like you holds a key position
>>> in the project that creates the security product that we use for protecting
>>> our networks.
>>>
>>> I have no idea why highly respected Chris Buechler partnered with you,
>>> but it might be good if you would learn a lesson from him concerning his
>>> professionalism, seriousness and manners in his official communication.
>>>
>>> Bye.
>>
>>
>> I can't say I agree with Thinker Rix on everything but on this I do
>> agree. I have been on this list for many years (mostly just reading) and
>> have always been impressed with the professionalism of most members who
>> write and especially those affiliated with the project. I have been quite
>> surprised and disappointed in the attitude and tone coming from Jim
>> Thompson this last week and in my opinion THAT is what reflects poorly on
>> the project.
>>
>>
>> It may be that Jim simply saw what looked like a sock puppet come onto
>> the list and start spreading FUD  about ESF and pfSense.  Normally, when
>> you see what you consider to be a troll, the usually response is "don't
>> feed the troll" and ignore the thread until it runs out of fuel.  I guess
>> the response is different, though, when someone is directing FUD at your
>> company.  Then, rather than annoyance and bruised egos, the damage can be
>> more real and 

Re: [pfSense] naive suggestion: conform to US laws

[Alex DiMarco]

I have been following this discussion since the start and I have to say
that it has been very informative (mostly from a social perspective), but I
have been disappointed with the, um, vigorous responses from all sides.

The original post was somewhat blunt and probably could be labeled as
insensitive, and it could have been written with much better social decorum
(and for this an apology would be in order). Unfortunately the communal
response with some exceptions (thank you Chris) was equally missing in
generosity, sensitivity and decorum.

I suspect all of us are familiar with the realization that email can be
interpreted in the most unflattering ways despite the best of intentions...
and assuming TROLL intentions in this case I see as somewhat ungenerous.

Maybe this could be a good reminder to us all as to how even the best of
projects and lists are susceptible to issues of email misunderstanding and
how important great efforts of respect and decorum on all sides is
necessary.

This article (although old) is a good reminder of how problematic this
issue is...
http://www.wired.com/science/discoveries/news/2006/02/70179


Sincerely

Alex


--
Alex DiMarco

www.cdf.toronto.edu
Bahen Centre
40 St. George Street, Room 3224
Toronto, Ontario
M5S 2E4
416-946-8862

 * For immediate assistance to share your desktop:
 Download TeamViewer for
Windows
 Download Teamviewer for
Mac



On Sat, Oct 12, 2013 at 8:55 PM, Paul Mather wrote:

> On Oct 12, 2013, at 11:23 AM, Oliver Hansen 
> wrote:
>
> On Sat, Oct 12, 2013 at 4:10 AM, Thinker Rix wrote:
>
>> On 2013-10-09 19:38, Jim Thompson wrote:
>>
>>> So asking the question is stupid
>>>
>>
>> On 2013-10-09 19:50, Jim Thompson wrote:
>>
>>> IMO, this bullshit thread only serves to assist those asking the
>>> question in stroking their own ego.
>>>
>>
>> On 2013-10-12 01:40, Jim Thompson wrote:
>>
>>> Otherwise: get off my lawn.
>>> I'm not willing to endure this uninformed Alex Jonesian crapfest.
>>> Now that I'm back on US soil, I promise that if the later continues, I
>>> will kill the thread. People who hijack threads will be dealt with.
>>> Otherwise: STFU.
>>>
>>> Nor will I endure the besmirching of pfSense's good name and trademark.
>>>
>>
>> The only one who is besmirching pfSense here is: you - given that as a
>> co-owner of ESF you are an official representative of pfSense - and your
>> official communication unfortunately shows that you are a vulgarian,
>> plebeian, obscene, scurrilous goon, who insults, threatens, bullys, censors
>> and muzzles other community members, totally lacking control of himself and
>> any professional business manners whatsoever, let alone any constructive
>> discussion culture.
>>
>> To me it feels highly awkward and it is unsettling me a lot, that such an
>> ill-mannered, shady and dubious roughneck like you holds a key position in
>> the project that creates the security product that we use for protecting
>> our networks.
>>
>> I have no idea why highly respected Chris Buechler partnered with you,
>> but it might be good if you would learn a lesson from him concerning his
>> professionalism, seriousness and manners in his official communication.
>>
>> Bye.
>
>
> I can't say I agree with Thinker Rix on everything but on this I do agree.
> I have been on this list for many years (mostly just reading) and have
> always been impressed with the professionalism of most members who write
> and especially those affiliated with the project. I have been quite
> surprised and disappointed in the attitude and tone coming from Jim
> Thompson this last week and in my opinion THAT is what reflects poorly on
> the project.
>
>
> It may be that Jim simply saw what looked like a sock puppet come onto the
> list and start spreading FUD  about ESF and pfSense.  Normally, when you
> see what you consider to be a troll, the usually response is "don't feed
> the troll" and ignore the thread until it runs out of fuel.  I guess the
> response is different, though, when someone is directing FUD at your
> company.  Then, rather than annoyance and bruised egos, the damage can be
> more real and a more robust response might be warranted.
>
> It's up to Jim how he expresses himself.  Given that "Thinker Rix" was
> doing a remarkable job of impersonating a troll (IMHO), I think the blunt
> approach is the pragmatic logical endpoint of that dialogue.  It's sad, but
> dealing with trolls is a sad business. :-(
>
> Cheers,
>
> Paul.
>
>
> ___
> List mailing list
> List@lists.pfsense.org
> http://lists.pfsense.org/mailman/listinfo/list
>
>
___
List mailing list
List@lists.pfsense.or

Re: [pfSense] naive suggestion: conform to US laws

[Ulrik Lunddahl]

Hi Everyone!

I'm sorry to barge in, especially with a message not quoted correctly, but I 
weight the thoughts a lot more than the format.

Warrant Canaries might not be a very wise choice, at least not in its most 
simple form.

However, resent events in the world has shown everyone that having I project 
without a backdoor or (suspected) weak encryption, is a very strong positive, 
and my personal opinion is that the future will make it even more important.

It could be a smart decision to build this "feature" into the product.


-  As the code is all open, you could make code review/code assessments 
by "external" people a part of the project, and simply see this as a feature 
itself.


-  ESF could bind themselves by ethical rules that forbids them to 
continue product support on "non secure" releases.


How would anyone be able to prove what the code reviewers were "hinted" to 
review and by who.

How would any agency be able to force ESF to break ethical rules, and order 
them to continue working on something that they have promised to stop working 
on when it no longer gives any meaning.

However there is also a problem here, what if the governments/agencies wins 
this war, and laws are passed that "require" products to be "open" for the 
governments, there is a possibility for this scenario too, even if we don't 
like the sound if it, having a project that can't comply with current laws will 
definitely kill it.


My English is bad, and this is just my thoughts, but they all have to do with 
the project, and what "features" we will/might find important in the future, so 
please be constructive.


-  Ulrik Lunddahl


Fra: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] På 
vegne af Yehuda Katz
Sendt: 11. oktober 2013 20:22
Til: pfSense support and discussion
Emne: Re: [pfSense] naive suggestion: conform to US laws

On Fri, Oct 11, 2013 at 1:41 PM, Thinker Rix 
mailto:thinke...@rocketmail.com>> wrote:
Probably would not work (or would get whoever did that thrown in jail). This is 
similar to a Warrant Canary, but the USDoJ has indicated that Warrant Canaries 
would probably be grounds for prosecution of violation of the non-disclosure 
order.
inspired by the keyword you dropped, I researched a little bit and found: 
https://en.wikipedia.org/wiki/Warrant_canary
It seems that you are correct: What Adrian suggests, is called a Warrant canary.
In the wikipedia article it says that: "The intention is to allow the provider 
to inform customers of the existence of a subpoena passively, without violating 
any laws. The legality of this method has not been tested in any court." Is 
that wrong or in conflict with what you wrote?

I do not know of any prosecution for using a Warrant Canary, but that does not 
change whether the government would intend to prosecute it (and I have 
discussed it with lawyers in the DoJ and other areas). It just means that the 
situation has not come up: either because no place that uses a Warrant Canary 
has received a "secret order" or because no place that has received one has 
been willing to really use it as designed. This is what it boils down to: Do 
you want to go in front of a federal judge and say "I did not say we received a 
subpoena, I just stopped saying we did not receive one."? I know I would not 
want to.

If anyone wants to talk more about Warrant Canaries, email me off the list.

- Y

___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] naive suggestion: conform to US laws

[Paul Mather]

On Oct 12, 2013, at 11:23 AM, Oliver Hansen  wrote:

> On Sat, Oct 12, 2013 at 4:10 AM, Thinker Rix  wrote:
> On 2013-10-09 19:38, Jim Thompson wrote:
> So asking the question is stupid
> 
> On 2013-10-09 19:50, Jim Thompson wrote:
> IMO, this bullshit thread only serves to assist those asking the question in 
> stroking their own ego.
> 
> On 2013-10-12 01:40, Jim Thompson wrote:
> Otherwise: get off my lawn.
> I'm not willing to endure this uninformed Alex Jonesian crapfest.
> Now that I'm back on US soil, I promise that if the later continues, I will 
> kill the thread. People who hijack threads will be dealt with.
> Otherwise: STFU.
> 
> Nor will I endure the besmirching of pfSense's good name and trademark. 
> 
> The only one who is besmirching pfSense here is: you - given that as a 
> co-owner of ESF you are an official representative of pfSense - and your 
> official communication unfortunately shows that you are a vulgarian, 
> plebeian, obscene, scurrilous goon, who insults, threatens, bullys, censors 
> and muzzles other community members, totally lacking control of himself and 
> any professional business manners whatsoever, let alone any constructive 
> discussion culture.
> 
> To me it feels highly awkward and it is unsettling me a lot, that such an 
> ill-mannered, shady and dubious roughneck like you holds a key position in 
> the project that creates the security product that we use for protecting our 
> networks.
> 
> I have no idea why highly respected Chris Buechler partnered with you, but it 
> might be good if you would learn a lesson from him concerning his 
> professionalism, seriousness and manners in his official communication.
> 
> Bye.
> 
> I can't say I agree with Thinker Rix on everything but on this I do agree. I 
> have been on this list for many years (mostly just reading) and have always 
> been impressed with the professionalism of most members who write and 
> especially those affiliated with the project. I have been quite surprised and 
> disappointed in the attitude and tone coming from Jim Thompson this last week 
> and in my opinion THAT is what reflects poorly on the project.

It may be that Jim simply saw what looked like a sock puppet come onto the list 
and start spreading FUD  about ESF and pfSense.  Normally, when you see what 
you consider to be a troll, the usually response is "don't feed the troll" and 
ignore the thread until it runs out of fuel.  I guess the response is 
different, though, when someone is directing FUD at your company.  Then, rather 
than annoyance and bruised egos, the damage can be more real and a more robust 
response might be warranted.

It's up to Jim how he expresses himself.  Given that "Thinker Rix" was doing a 
remarkable job of impersonating a troll (IMHO), I think the blunt approach is 
the pragmatic logical endpoint of that dialogue.  It's sad, but dealing with 
trolls is a sad business. :-(

Cheers,

Paul.

___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] naive suggestion: conform to US laws

[Jim Thompson]

On Oct 12, 2013, at 1:35 PM, Chris L  wrote:

> 
>> On 2013-10-12 01:40, Jim Thompson wrote:
>>> 
>>> I'm not willing to endure this uninformed Alex Jonesian crapfest.
> 
> Nice position to take, except Alex Jones was right.

Sigh.  As much as this doesn’t belong on the pfsense list…

I actually know Alex, or did, 13 year ago.   I got friendly enough with him 
back in the mid-late 90s that we had each other’s cell phone numbers.

Back then Jamie and I were involved with Fringeware.

http://en.wikipedia.org/wiki/FringeWare_Review
http://www.austinchronicle.com/issues/vol16/issue26/screens.fringeware.html

Fringeware became an advertiser on Alex Jones' radio show (on KLBJ, before he 
got booted).

On the front-end, I was a respected advertiser.  Meanwhile, others associated 
with Fringeware were culture-jamming him on the back-end. the result: #discordia

Oh, the memories this brings back.  (As you’ll see, the FBI showed up to demand 
something, didn’t have a warrant, and was shown the sidewalk.)

http://www.wingtv.net/thorn2006/jarhead.html
http://www.austinchronicle.com/news/2000-07-14/77932/

Clayton, btw is a dear friend.  Easily one of the most brilliant people I’ve 
ever known.  I hope he speaks at my funeral.

Other fun was had at Fringeware.  We supported the Yes Men 
(http://en.wikipedia.org/wiki/The_Yes_Men)  We actually hosted their website, 
as well as that of RTmark for a period in the late 90s on the same machine used 
for smallworks.com (which was originally the corporation behind the firewall 
named “Netgate”), fringeware.com, etc.

One of their pranks was that they setup a website named www.gwbush.com. 
(http://en.wikipedia.org/wiki/The_Yes_Men#George_W._Bush  
http://theyesmen.org/hijinks/gwbush http://www.rtmark.com/bush.html)  which 
resulted in Bush’s famous "There ought to be limits to freedom,”  quote.

http://www.rtmark.com/bushpr2.html

The great untold story on this is that all these websites were hosted in a 
shitty office building on Shoal Creek Blvd, one floor up from the then offices 
of "Karl Rove & Associates” even as they fought to shutdown gwbush.com.  The 
#irony was delicious, and they never succeeded. :-)

Anyway, you might want to study up on STRATFOR, or  Mary Maroney, who was the 
editor and chief of Infowars magazine until earlier this year.
Maroney formerly worked for Stratfor and Parker Media here in Austin.  If you 
don’t know who they are, then I suggest more research on your part.

Have fun, but be careful when you enter the rabbit hole.   Snowden and Manning 
are both late-comers to the party:

http://www.newyorker.com/reporting/2011/05/23/110523fa_fact_mayer?currentPage=all
http://www.technologyreview.com/news/519661/nsas-own-hardware-backdoors-may-still-be-a-problem-from-hell/
http://cryptome.org/nsa-ssl-email.htm
http://news.cnet.com/8301-31921_3-20017671-281.html
http://www.wired.com/images_blogs/threatlevel/2013/09/15-shumow.pdf (see also: 
http://www.wired.com/threatlevel/?p=85661)
http://arstechnica.com/security/2013/01/secret-backdoors-found-in-firewall-vpn-gear-from-barracuda-networks/
http://dl.packetstormsecurity.net/papers/general/my_research1.pdf
http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.154.825 / 
http://www.cs.ucf.edu/~czou/research/Chipset%20Backdoor-AsiaCCS09.pdf  (now 
consider all the cheerleading for Intel Ethernet chips on the various pfSense 
lists…)

Jim


___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] naive suggestion: conform to US laws

[Bob Gustafson]

+1

On 10/12/2013 12:41 PM, Adrian Wenzel wrote:

I'm behind Jim on this.


___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] naive suggestion: conform to US laws

[Chris L]

> On 2013-10-12 01:40, Jim Thompson wrote:
>> 
>> I'm not willing to endure this uninformed Alex Jonesian crapfest.

Nice position to take, except Alex Jones was right.
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] naive suggestion: conform to US laws

[Oliver Hansen]

- Original Message -
From: "Adrian Wenzel" 
To: "pfSense support and discussion" 
Sent: Saturday, October 12, 2013 10:41:40 AM
Subject: Re: [pfSense] naive suggestion: conform to US laws


> 
> I can't say I agree with Thinker Rix on everything but on this I do
> agree. I have been on this list for many years (mostly just reading)
> and have always been impressed with the professionalism of most
> members who write and especially those affiliated with the project.
> I have been quite surprised and disappointed in the attitude and
> tone coming from Jim Thompson this last week and in my opinion THAT
> is what reflects poorly on the project.

I totally disagree.  I respect people who give their opinion outright.  We can 
flop about and sugar coat everything, try to make everyone feel fuzzy... and 
all that does is lead to misunderstandings and openings for more convoluted and 
pointless discussions.  I've been a part of the open source community for over 
20 years, and mostly we're a group of free thinking, well-intentioned 
individuals who have many irons in the fire.  We know the value of our time, 
and thus respect the value of others' time as well.  Our projects are not a 
place for discussions that can have no resolution: politics, religion, general 
conspiracy theories.

I'm behind Jim on this.

Regards,
Adrian


But notice how you agreed with Jim without using any personal attacks? I have 
no problem with that. It is completely possible to give your opinion outright 
about a *TOPIC* without attacking the person or threatening them. Jim's latest 
response actually does this pretty well and attacks the facts instead of the 
person. I'll let this go now but I felt it had to be said.

-Oliver
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] naive suggestion: conform to US laws

[Eugen Leitl]

On Sat, Oct 12, 2013 at 01:41:40PM -0400, Adrian Wenzel wrote:

> > I can't say I agree with Thinker Rix on everything but on this I do
> > agree. I have been on this list for many years (mostly just reading)
> > and have always been impressed with the professionalism of most
> > members who write and especially those affiliated with the project.
> > I have been quite surprised and disappointed in the attitude and
> > tone coming from Jim Thompson this last week and in my opinion THAT
> > is what reflects poorly on the project.
> 
> I totally disagree.  I respect people who give their opinion outright.  We 
> can flop about and sugar coat everything, try to make everyone feel fuzzy... 
> and all that does is lead to misunderstandings and openings for more 
> convoluted and pointless discussions.  I've been a part of the open source 
> community for over 20 years, and mostly we're a group of free thinking, 
> well-intentioned individuals who have many irons in the fire.  We know the 
> value of our time, and thus respect the value of others' time as well.  Our 
> projects are not a place for discussions that can have no resolution: 
> politics, religion, general conspiracy theories.
> 
> I'm behind Jim on this.

I think the points of view on all sides have been now been 
sufficiently vented, and we can agree that the differences
are irreconcilable and the thread can be now laid to rest.

So let's all agree to disagree, and make optimal use
of pfSense, under above circumstances.
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] naive suggestion: conform to US laws

[Adrian Wenzel]

- Original Message - 

> From: "Oliver Hansen" 
> To: "pfSense support and discussion" 
> Sent: Saturday, October 12, 2013 11:23:56 AM
> Subject: Re: [pfSense] naive suggestion: conform to US laws

> On Sat, Oct 12, 2013 at 4:10 AM, Thinker Rix <
> thinke...@rocketmail.com > wrote:

> > On 2013-10-09 19:38, Jim Thompson wrote:
> 

> > > So asking the question is stupid
> > 
> 

> > On 2013-10-09 19:50, Jim Thompson wrote:
> 

> > > IMO, this bullshit thread only serves to assist those asking the
> > > question in stroking their own ego.
> > 
> 

> > On 2013-10-12 01:40, Jim Thompson wrote:
> 

> > > Otherwise: get off my lawn.
> > 
> 

> > > I'm not willing to endure this uninformed Alex Jonesian crapfest.
> > 
> 
> > > Now that I'm back on US soil, I promise that if the later
> > > continues,
> > > I will kill the thread. People who hijack threads will be dealt
> > > with.
> > 
> 
> > > Otherwise: STFU.
> > 
> 

> > > Nor will I endure the besmirching of pfSense's good name and
> > > trademark.
> > 
> 

> > The only one who is besmirching pfSense here is: you - given that
> > as
> > a co-owner of ESF you are an official representative of pfSense -
> > and your official communication unfortunately shows that you are a
> > vulgarian, plebeian, obscene, scurrilous goon, who insults,
> > threatens, bullys, censors and muzzles other community members,
> > totally lacking control of himself and any professional business
> > manners whatsoever, let alone any constructive discussion culture.
> 

> > To me it feels highly awkward and it is unsettling me a lot, that
> > such an ill-mannered, shady and dubious roughneck like you holds a
> > key position in the project that creates the security product that
> > we use for protecting our networks.
> 

> > I have no idea why highly respected Chris Buechler partnered with
> > you, but it might be good if you would learn a lesson from him
> > concerning his professionalism, seriousness and manners in his
> > official communication.
> 

> > Bye.
> 
> I can't say I agree with Thinker Rix on everything but on this I do
> agree. I have been on this list for many years (mostly just reading)
> and have always been impressed with the professionalism of most
> members who write and especially those affiliated with the project.
> I have been quite surprised and disappointed in the attitude and
> tone coming from Jim Thompson this last week and in my opinion THAT
> is what reflects poorly on the project.

I totally disagree.  I respect people who give their opinion outright.  We can 
flop about and sugar coat everything, try to make everyone feel fuzzy... and 
all that does is lead to misunderstandings and openings for more convoluted and 
pointless discussions.  I've been a part of the open source community for over 
20 years, and mostly we're a group of free thinking, well-intentioned 
individuals who have many irons in the fire.  We know the value of our time, 
and thus respect the value of others' time as well.  Our projects are not a 
place for discussions that can have no resolution: politics, religion, general 
conspiracy theories.

I'm behind Jim on this.

Regards,
Adrian
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] naive suggestion: conform to US laws

[Jim Thompson]

On Oct 12, 2013, at 7:20 AM, Thinker Rix  wrote:

> On 2013-10-11 22:33, Walter Parker wrote:
>> Yes, you have been informed correctly. There are more than 2. According the 
>> World Atlas (http://www.worldatlas.com/nations.htm#.UlhOHVFDsnY) the number 
>> is someone between 189 and 196.
> 
> No kidding! ;-)
> 
>> But you did not answer the question asked: Name the country that you would 
>> move the project to and why you believe that country would do a better job?
> 
> Why should *I* name it and why should I present ready solutions for an idea 
> another community member brought up? Why should anybody be in a position to 
> present ready solutions at this point? How about having a fruitful discussion 
> and find solutions together?

There is no reason to build a house on sand.

There is no fruitful discussion to be had when the premise is patently false.

>> Then because the USA can't be trusted, who is going to replace the Americans 
>> on the project?
> 
> You are mixing things up here. Just because the USA invented their tyrannous 
> "Uniting and Strengthening America by Providing Appropriate Tools Required to 
> Intercept and Obstruct Terrorism Act", for which they perversely coined the 
> euphemistic term "Patriot Act" and there fore can not be trusted anymore for 
> hosting anything there, why should the Americans be replaced?!?!?
> 
>> The name and logo are owned by an American company.
> 
> I guess, that is true, i.e. that ESF registered pfSense and it's log as a 
> brand name.

You seem upset at this.  Why?

Instead of some kooky conspiracy theory that ESF could be tortured or pressured 
to weaken pfSense, is this the *real* issue you have?

>> I doubt they want to give them up to a foreign company owned by non-Americans
> 
> Nobody suggested that. Try thinking a bit more outside the box!
> For instance: A non-profit foundation could be founded in a country outside 
> the USA, and the brand, hosting of the project, etc. be transferred to that 
> company. A board would be elected for this foundation who just a few basic 
> things annually to keep the foundation running.
> ESF on the other side would be released of a great threat! They could 
> continue offering their pfSense services to their customers as usual, but 
> from now on nobody could come and force them to do things to pfSense since 
> "they have nothing to do with it”.

You seem upset that ESF controls the project.  Why?

>> just to make it harder for the American government to pressure the project.
> 
> Incorporating pfSense and bringing it out of the reach of US-domestic 
> jurisdiction would not "make it harder" but "impossible" to pressure the 
> project.

You have provided no explanation (other than “rubber hoses”) for what form that 
“pressure” would take.

>> If the rest of world wants to fork the project because of concerns about the 
>> US government, fine, but I don't think you will get buy in from ESF [the 
>> American company that owns the rights to the name pfSense].
> 
> Why to fork the code base?! No one suggested that - and no one suggested to 
> do things without - or even against - the key people of the ESF. Right the 
> opposite. It would even protect the ESF!
> 
>> Once again, name some names. Who do you consider more trustworthy?
> 
> I am not Jesus to hand solutions to the community on a silver platter

though point in fact, Jesus didn’t hand anyone a solution.


> (but surely would be available for a *constructive* and *well-disposed*, 
> *amicable* discussion to find solutions together!). I know of quite a lot of 
> countries that seem interesting for a closer analysis for this cause and 
> surely would propose one or another in such a constructive discussion.
> 
> Generally, what Adrian proposed makes only sense, if the community - 
> including ESF - understands the threat and decides to act proactively to 
> fight this threat.

“The community” doesn’t own the copyright on the code, nor the trademarks to 
the names used.  Those belong to ESF.

Further, you’ve hypothesized about a ‘threat’ without providing any factual 
basis for same.  The term for this form of argument is “conspiracy theory”.

Since pfSense is open source (specifically, the BSD license), “the community” 
(or rather “a community”) could take the decision to fork the code and create 
their own solution.  It’s been attempted a couple times, but none of these have 
flourished.  While I don’t encourage forks (it’s typically not good for either 
project), occasionally they work out (at least for a while), I don’t go out of 
my way to inhibit those who wish to fork.

However, in any case, such a community would be prohibited from naming the 
result “pfSense”.

> But since 33% of the ESF - namely Jim Thompson

You greatly inflate my ownership interest here.

> - prefers bullying, insulting, frightening and muzzling anybody who brings up 
> the threat that we are facing, trying to strike dead any thought as soon as 
> it comes up (strange, isn't it?),

Re: [pfSense] naive suggestion: conform to US laws

[Oliver Hansen]

On Sat, Oct 12, 2013 at 4:10 AM, Thinker Rix wrote:

> On 2013-10-09 19:38, Jim Thompson wrote:
>
>> So asking the question is stupid
>>
>
> On 2013-10-09 19:50, Jim Thompson wrote:
>
>> IMO, this bullshit thread only serves to assist those asking the question
>> in stroking their own ego.
>>
>
> On 2013-10-12 01:40, Jim Thompson wrote:
>
>> Otherwise: get off my lawn.
>> I'm not willing to endure this uninformed Alex Jonesian crapfest.
>> Now that I'm back on US soil, I promise that if the later continues, I
>> will kill the thread. People who hijack threads will be dealt with.
>> Otherwise: STFU.
>>
>> Nor will I endure the besmirching of pfSense's good name and trademark.
>>
>
> The only one who is besmirching pfSense here is: you - given that as a
> co-owner of ESF you are an official representative of pfSense - and your
> official communication unfortunately shows that you are a vulgarian,
> plebeian, obscene, scurrilous goon, who insults, threatens, bullys, censors
> and muzzles other community members, totally lacking control of himself and
> any professional business manners whatsoever, let alone any constructive
> discussion culture.
>
> To me it feels highly awkward and it is unsettling me a lot, that such an
> ill-mannered, shady and dubious roughneck like you holds a key position in
> the project that creates the security product that we use for protecting
> our networks.
>
> I have no idea why highly respected Chris Buechler partnered with you, but
> it might be good if you would learn a lesson from him concerning his
> professionalism, seriousness and manners in his official communication.
>
> Bye.


I can't say I agree with Thinker Rix on everything but on this I do agree.
I have been on this list for many years (mostly just reading) and have
always been impressed with the professionalism of most members who write
and especially those affiliated with the project. I have been quite
surprised and disappointed in the attitude and tone coming from Jim
Thompson this last week and in my opinion THAT is what reflects poorly on
the project.

-Oliver
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] naive suggestion: conform to US laws

[Thinker Rix]

On 2013-10-11 22:33, Walter Parker wrote:
Yes, you have been informed correctly. There are more than 2. 
According the World Atlas 
(http://www.worldatlas.com/nations.htm#.UlhOHVFDsnY) the number is 
someone between 189 and 196.


No kidding! ;-)

But you did not answer the question asked: Name the country that you 
would move the project to and why you believe that country would do a 
better job?


Why should *I* name it and why should I present ready solutions for an 
idea another community member brought up? Why should anybody be in a 
position to present ready solutions at this point? How about having a 
fruitful discussion and find solutions together?


Then because the USA can't be trusted, who is going to replace the 
Americans on the project?


You are mixing things up here. Just because the USA invented their 
tyrannous "Uniting and Strengthening America by Providing Appropriate 
Tools Required to Intercept and Obstruct Terrorism Act", for which they 
perversely coined the euphemistic term "Patriot Act" and there fore can 
not be trusted anymore for hosting anything there, why should the 
Americans be replaced?!?!?



The name and logo are owned by an American company.


I guess, that is true, i.e. that ESF registered pfSense and it's log as 
a brand name.


I doubt they want to give them up to a foreign company owned by 
non-Americans


Nobody suggested that. Try thinking a bit more outside the box!
For instance: A non-profit foundation could be founded in a country 
outside the USA, and the brand, hosting of the project, etc. be 
transferred to that company. A board would be elected for this 
foundation who just a few basic things annually to keep the foundation 
running.
ESF on the other side would be released of a great threat! They could 
continue offering their pfSense services to their customers as usual, 
but from now on nobody could come and force them to do things to pfSense 
since "they have nothing to do with it".


just to make it harder for the American government to pressure the 
project.


Incorporating pfSense and bringing it out of the reach of US-domestic 
jurisdiction would not "make it harder" but "impossible" to pressure the 
project.


If the rest of world wants to fork the project because of concerns 
about the US government, fine, but I don't think you will get buy in 
from ESF [the American company that owns the rights to the name pfSense].


Why to fork the code base?! No one suggested that - and no one suggested 
to do things without - or even against - the key people of the ESF. 
Right the opposite. It would even protect the ESF!



Once again, name some names. Who do you consider more trustworthy?


I am not Jesus to hand solutions to the community on a silver platter 
(but surely would be available for a *constructive* and *well-disposed*, 
*amicable* discussion to find solutions together!). I know of quite a 
lot of countries that seem interesting for a closer analysis for this 
cause and surely would propose one or another in such a constructive 
discussion.


Generally, what Adrian proposed makes only sense, if the community - 
including ESF - understands the threat and decides to act proactively to 
fight this threat.


But since 33% of the ESF - namely Jim Thompson - prefers bullying, 
insulting, frightening and muzzling anybody who brings up the threat 
that we are facing, trying to strike dead any thought as soon as it 
comes up (strange, isn't it?), I have no much hope that such a 
discussion about how to secure the future of pfSense will ever come to 
reality.


Follow the link, which of the 188-195 countries on that list do you 
propose to trust more and why? I'd suggest you pick once that is not 
already in bed with the NSA (which includes most of major western 
governments, plus some of the Middle East and Far East governments).


As we know by now, many western regimes are in bed with each other for 
surveying their own people, undermining democracy and civil rights. That 
is correct. The trick is that every country spies on the people of 
another country (which is legal) and then exchanges the data with the 
other country. So e.g. the USA spies on France, France on Canada, and 
Canada on the USA, and then they all exchange data with each other. And 
then - voilà - the result is that every country spies on his own people, 
circumventing it's own laws. In Europe there are many countries where it 
is officially known that they participate in this thimble-rigger trick, 
namely UK, Germany, France and others. But also other countries of the 
European Union, where it has not come up in the media that they do so - 
participate in this whole evil plan, since the EU has EU-wide programs 
in place such as INDECT which affect all members of the EU.


All this is correct, BUT:

It has nothing to do with our topic here! Even if you would incorporate 
a non-profit foundation in such a country where surveillance in place on 
it's own people, etc. the subject here is 

Re: [pfSense] naive suggestion: conform to US laws

[Thinker Rix]

On 2013-10-09 19:38, Jim Thompson wrote:

So asking the question is stupid


On 2013-10-09 19:50, Jim Thompson wrote:
IMO, this bullshit thread only serves to assist those asking the 
question in stroking their own ego.


On 2013-10-12 01:40, Jim Thompson wrote:

Otherwise: get off my lawn.
I'm not willing to endure this uninformed Alex Jonesian crapfest.
Now that I'm back on US soil, I promise that if the later continues, I will 
kill the thread. People who hijack threads will be dealt with.
Otherwise: STFU.
Nor will I endure the besmirching of pfSense's good name and trademark. 


The only one who is besmirching pfSense here is: you - given that as a 
co-owner of ESF you are an official representative of pfSense - and your 
official communication unfortunately shows that you are a vulgarian, 
plebeian, obscene, scurrilous goon, who insults, threatens, bullys, 
censors and muzzles other community members, totally lacking control of 
himself and any professional business manners whatsoever, let alone any 
constructive discussion culture.


To me it feels highly awkward and it is unsettling me a lot, that such 
an ill-mannered, shady and dubious roughneck like you holds a key 
position in the project that creates the security product that we use 
for protecting our networks.


I have no idea why highly respected Chris Buechler partnered with you, 
but it might be good if you would learn a lesson from him concerning his 
professionalism, seriousness and manners in his official communication.


Bye.
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] naive suggestion: conform to US laws

[Mehmasarja Darks]

I second nixing the thread. pfSense does not benefit from this. 

Mehma

On Oct 11, 2013, at 3:40 PM, Jim Thompson  wrote:

> 
>> On Oct 11, 2013, at 12:39, Thinker Rix  wrote:
>> 
>> Again: The real threat by my comprehension is not some "guy in the internet" 
>> trying to place malicious code into the code base, but simply and plainly 
>> some NSA officers knock the door an force the project leaders to do it.
> 
> Please cite the law they might use to so this. 
> 
> Hint: it doesn't exist.
> 
> Hint 2: if you think Lavabit applies, you're part of the problem.
> 
> Otherwise: get off my lawn. 
> 
> I'm willing to listen to:
> 
> "I've dreamed up this possible attack that could inject bad code into 
> pfSense."
> 
> And especially, "I think I've found a problem."
> 
> I'm not willing to endure this uninformed Alex Jonesian crapfest. 
> 
> Now that I'm back on US soil, I promise that if the later continues, I will 
> kill the thread. People who hijack threads will be dealt with. 
> 
> I simply don't have time for it, and the people who actually work on pfSense 
> don't gave time for it. 
> 
> Nor will I endure the besmirching of pfSense's good name and trademark. 
> 
> If you have real issues, or even theories supported by minimal evidence, 
> bring them forward. 
> 
> Otherwise: STFU. 
> 
> Jim
> 
> 
> ___
> List mailing list
> List@lists.pfsense.org
> http://lists.pfsense.org/mailman/listinfo/list
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] naive suggestion: conform to US laws

[Mike McLaughlin]

Thank you for the final word Jim.

I have a real issue brought up by this thread; Gmail now considers a
significant amount of the list.pfSense.org mail spam, and this thread (and
a few others) was just that.

I'd complain more but others told Thinker exactly what I would say and he
doesn't care.

Mike McLaughlin


On Fri, Oct 11, 2013 at 5:16 PM, Gé Weijers  wrote:

>
> On Fri, Oct 11, 2013 at 11:13 AM, Walter Parker  wrote:
>
>>
>> 2) NSA forces pfSense to put a backdoor in the software. Tells pfSense to
>> be quite about it.
>>
>>
> The problem with doing that to open source is that it's easy to verify
> that it happened (especially after someone provides an anonymous hint).
> It's hard to keep secrets these days.
>
>
>
>
> ___
> List mailing list
> List@lists.pfsense.org
> http://lists.pfsense.org/mailman/listinfo/list
>
>
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] naive suggestion: conform to US laws

[Gé Weijers]

On Fri, Oct 11, 2013 at 11:13 AM, Walter Parker  wrote:

>
> 2) NSA forces pfSense to put a backdoor in the software. Tells pfSense to
> be quite about it.
>
>
The problem with doing that to open source is that it's easy to verify that
it happened (especially after someone provides an anonymous hint). It's
hard to keep secrets these days.
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] naive suggestion: conform to US laws

[Jim Thompson]

> On Oct 11, 2013, at 12:39, Thinker Rix  wrote:
> 
> Again: The real threat by my comprehension is not some "guy in the internet" 
> trying to place malicious code into the code base, but simply and plainly 
> some NSA officers knock the door an force the project leaders to do it.

Please cite the law they might use to so this. 

Hint: it doesn't exist.

Hint 2: if you think Lavabit applies, you're part of the problem.

Otherwise: get off my lawn. 

I'm willing to listen to:

"I've dreamed up this possible attack that could inject bad code into pfSense."

And especially, "I think I've found a problem."

I'm not willing to endure this uninformed Alex Jonesian crapfest. 

Now that I'm back on US soil, I promise that if the later continues, I will 
kill the thread. People who hijack threads will be dealt with. 

I simply don't have time for it, and the people who actually work on pfSense 
don't gave time for it. 

Nor will I endure the besmirching of pfSense's good name and trademark. 

If you have real issues, or even theories supported by minimal evidence, bring 
them forward. 

Otherwise: STFU. 

Jim


___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] naive suggestion: conform to US laws

[David Ross]

On 10/11/13 2:13 PM, Walter Parker wrote:

As I see it, there are are two things that can happen here


Not yelling at Walter.

The problem with all of this is that as long as our Congress (and the 
equivalent in other countries) passes laws that allow such backdoors 
with a threat of jail if you talk about it at any level we will have 
these issues.


If you want this to go away, then we need to elect folks to Congress who 
will change the laws.


But for most of us that's too big a hill to climb in terms of personal 
effort so we don't do it.



David
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] naive suggestion: conform to US laws

[Adrian Zaugg]

Thank you all for your messages. I consider my suggestion as declined.
No wonder... :-)

Regards, Adrian.

On 10/11/13 8:21 PM, Yehuda Katz wrote:
> On Fri, Oct 11, 2013 at 1:41 PM, Thinker Rix  > wrote:
> 
>> Probably would not work (or would get whoever did that thrown in
>> jail). This is similar to a Warrant Canary, but the USDoJ has
>> indicated that Warrant Canaries would probably be grounds for
>> prosecution of violation of the non-disclosure order. 
> inspired by the keyword you dropped, I researched a little bit and
> found: https://en.wikipedia.org/wiki/Warrant_canary
> It seems that you are correct: What Adrian suggests, is called a
> Warrant canary.
> In the wikipedia article it says that: "The intention is to allow
> the provider to inform customers of the existence of a subpoena
> passively, without violating any laws. The legality of this method
> has not been tested in any court." Is that wrong or in conflict with
> what you wrote?
> 
> 
> I do not know of any prosecution for using a Warrant Canary, but that
> does not change whether the government would intend to prosecute it (and
> I have discussed it with lawyers in the DoJ and other areas). It just
> means that the situation has not come up: either because no place that
> uses a Warrant Canary has received a "secret order" or because no place
> that has received one has been willing to really use it as designed.
> This is what it boils down to: Do you want to go in front of a federal
> judge and say "I did not say we received a subpoena, I just stopped
> saying we did not receive one."? I know I would not want to.
> 
> If anyone wants to talk more about Warrant Canaries, email me off the list.
> 
> - Y
> 
> 
> 
> ___
> List mailing list
> List@lists.pfsense.org
> http://lists.pfsense.org/mailman/listinfo/list
> 
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] naive suggestion: conform to US laws

[Adrian Zaugg]

This story is about a private company and about technology. We talk
about the legal situation. And btw. it is a criminal act to eavesdrop
and to hack into other's systems under Swiss law.

Regards, Adrian.

On 10/11/13 9:54 PM, Walter Parker wrote:
> Don't be too sure about Switzerland...
> https://www.schneier.com/blog/archives/2008/01/nsa_backdoors_i.html
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] naive suggestion: conform to US laws

[Walter Parker]

Don't be too sure about Switzerland...
https://www.schneier.com/blog/archives/2008/01/nsa_backdoors_i.html

Which talks about a story that was in the German papers in the late 90's..

For half a century, Crypto AG, a Swiss company located in Zug, has sold to
more than 100 countries the encryption machines their officials rely upon
to exchange their most sensitive economic, diplomatic and military
messages. Crypto AG was founded in 1952 by the legendary (Russian born)
Swedish cryptographer Boris Hagelin. During World War II, Hagelin sold
140,000 of his machine to the US Army.

"In the meantime, the Crypto AG has built up long standing cooperative
relations with customers in 130 countries," states a prospectus of the
company. The home page of the company Web site says, "Crypto AG is the
preferred top-security partner for civilian and military authorities
worldwide. Security is our business and will always remain our business."

And for all those years, US eavesdroppers could read these messages without
the least difficulty. A decade after the end of WWII, the NSA, also known
as No Such Agency, had rigged the Crypto AG machines in various ways
according to the targeted countries. It is probably no exaggeration to
state that this 20th century version of the "Trojan horse" is quite likely
the greatest sting in modern history.



On Fri, Oct 11, 2013 at 12:49 PM, Adrian Zaugg  wrote:

>
>
> On 10/11/13 8:20 PM, Walter Parker wrote:
> > Unless, of course, you are willing to contribute time and money to
> > fixing this issue. Otherwise this just an armchair general telling other
> > people how to run the project.
> I don't think it is a problem to find a sponsered hosting here in
> Switzerland for example. Our law protects citizens from govermental
> despotism quite well. National security is not an issue here.
>
> But this is not the question. The question is wether software projects
> hosted in the US are still trustworthy because of the legal situation
> there. If the pfsense community has the opinion, that it is too risky,
> then it is time to start acting. Once this point is reached, me and
> others would certainly try to contribute. Most of the people here are
> network specialists and do have their connections to hosting
> possibilities, I think.
>
> Regards, Adrian.
> ___
> List mailing list
> List@lists.pfsense.org
> http://lists.pfsense.org/mailman/listinfo/list
>



-- 
The greatest dangers to liberty lurk in insidious encroachment by men of
zeal, well-meaning but without understanding.   -- Justice Louis D. Brandeis
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] naive suggestion: conform to US laws

[Adrian Zaugg]

On 10/11/13 8:20 PM, Walter Parker wrote:
> Unless, of course, you are willing to contribute time and money to
> fixing this issue. Otherwise this just an armchair general telling other
> people how to run the project.
I don't think it is a problem to find a sponsered hosting here in
Switzerland for example. Our law protects citizens from govermental
despotism quite well. National security is not an issue here.

But this is not the question. The question is wether software projects
hosted in the US are still trustworthy because of the legal situation
there. If the pfsense community has the opinion, that it is too risky,
then it is time to start acting. Once this point is reached, me and
others would certainly try to contribute. Most of the people here are
network specialists and do have their connections to hosting
possibilities, I think.

Regards, Adrian.
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] naive suggestion: conform to US laws

[Moshe Katz]

On Fri, Oct 11, 2013 at 3:11 PM, Thinker Rix wrote:

> On 2013-10-11 21:20, Walter Parker wrote:
>
>> Who would you trust more that ESF? Why,specifically, would you trust
>> another group of people to be more trustworthy?
>>
>
> The point is not untrusting ESF or anybody else. The point is that ESF is
> based in the USA, a country where the current government can force you to
> do things against your community without having any chance to escape from
> it; they just force you to do so.
>

Do you really believe that any other government is less interested in this
than the USA?  I certainly don't.  The only difference is that the USA *
currently* has a very powerful surveillance entity (as do the UK and a
bunch of others), and most other countries *currently* do not.  I do not
believe for a second that the project would be any safer long-term under
the jurisdiction of any other country.  I propose that you actually find a
government of any first-world country that ins't interested in spying on
the rest of the world.  I direct you to
http://en.wikipedia.org/wiki/List_of_intelligence_agencies - and you can
start by corssing off almost every single country on that list.


> So the point of the whole idea that we evaluate here is: How can we secure
> pfSense from this nasty government so that they can not just force ESF or
> anybody else to comply with them.


If "this nasty government" is all you care about, then your security goals
are very short-sighted.   Start worrying about all the other nasty
governments.  I guarantee you there are lots more of them.

Moshe
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] naive suggestion: conform to US laws

[Walter Parker]

Yes, you have been informed correctly. There are more than 2. According the
World Atlas (http://www.worldatlas.com/nations.htm#.UlhOHVFDsnY) the number
is someone between 189 and 196.

But you did not answer the question asked: Name the country that you would
move the project to and why you believe that country would do a better job?

Then because the USA can't be trusted, who is going to replace the
Americans on the project? The name and logo are owned by an American
company. I doubt they want to give them up to a foreign company owned by
non-Americans just to make it harder for the American government to
pressure the project. If the rest of world wants to fork the project
because of concerns about the US government, fine, but I don't think you
will get buy in from ESF [the American company that owns the rights to the
name pfSense].

Once again, name some names. Who do you consider more trustworthy? Follow
the link, which of the 188-195 countries on that list do you propose to
trust more and why? I'd suggest you pick once that is not already in bed
with the NSA (which includes most of major western governments, plus some
of the Middle East and Far East governments). But that is me, maybe you
prefer to decide to move first and then figure out where you are going
after you have left (rather than planning where you are going before you
leave).



Walter


On Fri, Oct 11, 2013 at 12:11 PM, Thinker Rix wrote:

> On 2013-10-11 21:20, Walter Parker wrote:
>
>> Who would you trust more that ESF? Why,specifically, would you trust
>> another group of people to be more trustworthy?
>>
>
> The point is not untrusting ESF or anybody else. The point is that ESF is
> based in the USA, a country where the current government can force you to
> do things against your community without having any chance to escape from
> it; they just force you to do so.
> So the point of the whole idea that we evaluate here is: How can we secure
> pfSense from this nasty government so that they can not just force ESF or
> anybody else to comply with them.
>
>
>  I admit to have a USA bias, but for the issue in question, I don't there
>> being a much better choice. The UK has less freedoms in this matter.
>>
>
> As far as I am informed there are some more countries on the globe than
> the USA and the UK...
>
>
>  But then this is turning into a case of "I'm worried about things, here
>> lets have you [The project] spend time and money to fix the problem?"
>>
>> Unless, of course, you are willing to contribute time and money to fixing
>> this issue. Otherwise this just an armchair general telling other people
>> how to run the project.
>>
>
> Seems like a killer argument to me, which is kind of couterproductive in
> such an early stage of an idea/proposition, as this is.
>
> __**_
> List mailing list
> List@lists.pfsense.org
> http://lists.pfsense.org/**mailman/listinfo/list
>



-- 
The greatest dangers to liberty lurk in insidious encroachment by men of
zeal, well-meaning but without understanding.   -- Justice Louis D. Brandeis
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] naive suggestion: conform to US laws

[Thinker Rix]

On 2013-10-11 21:20, Walter Parker wrote:
Who would you trust more that ESF? Why,specifically, would you trust 
another group of people to be more trustworthy?


The point is not untrusting ESF or anybody else. The point is that ESF 
is based in the USA, a country where the current government can force 
you to do things against your community without having any chance to 
escape from it; they just force you to do so.
So the point of the whole idea that we evaluate here is: How can we 
secure pfSense from this nasty government so that they can not just 
force ESF or anybody else to comply with them.


I admit to have a USA bias, but for the issue in question, I don't 
there being a much better choice. The UK has less freedoms in this matter.


As far as I am informed there are some more countries on the globe than 
the USA and the UK...


But then this is turning into a case of "I'm worried about things, 
here lets have you [The project] spend time and money to fix the 
problem?"


Unless, of course, you are willing to contribute time and money to 
fixing this issue. Otherwise this just an armchair general telling 
other people how to run the project.


Seems like a killer argument to me, which is kind of couterproductive in 
such an early stage of an idea/proposition, as this is.

___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] naive suggestion: conform to US laws

[Yehuda Katz]

On Fri, Oct 11, 2013 at 1:41 PM, Thinker Rix wrote:

>  Probably would not work (or would get whoever did that thrown in jail).
> This is similar to a Warrant Canary, but the USDoJ has indicated that
> Warrant Canaries would probably be grounds for prosecution of violation of
> the non-disclosure order.
>
> inspired by the keyword you dropped, I researched a little bit and found:
> https://en.wikipedia.org/wiki/Warrant_canary
> It seems that you are correct: What Adrian suggests, is called a Warrant
> canary.
> In the wikipedia article it says that: "The intention is to allow the
> provider to inform customers of the existence of a subpoena passively,
> without violating any laws. The legality of this method has not been tested
> in any court." Is that wrong or in conflict with what you wrote?
>

I do not know of any prosecution for using a Warrant Canary, but that does
not change whether the government would intend to prosecute it (and I have
discussed it with lawyers in the DoJ and other areas). It just means that
the situation has not come up: either because no place that uses a Warrant
Canary has received a "secret order" or because no place that has received
one has been willing to really use it as designed. This is what it boils
down to: Do you want to go in front of a federal judge and say "I did not
say we received a subpoena, I just stopped saying we did not receive one."?
I know I would not want to.

If anyone wants to talk more about Warrant Canaries, email me off the list.

- Y
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] naive suggestion: conform to US laws

[Walter Parker]

Who would you trust more that ESF? Why,specifically, would you trust
another group of people to be more trustworthy? I admit to have a USA bias,
but for the issue in question, I don't there being a much better choice.
The UK has less freedoms in this matter. But then this is turning into a
case of "I'm worried about things, here lets have you [The project] spend
time and money to fix the problem?"

Unless, of course, you are willing to contribute time and money to fixing
this issue. Otherwise this just an armchair general telling other people
how to run the project.







On Fri, Oct 11, 2013 at 10:41 AM, Thinker Rix wrote:

>  On 2013-10-11 16:20, Yehuda Katz wrote:
>
> Probably would not work (or would get whoever did that thrown in jail).
> This is similar to a Warrant Canary, but the USDoJ has indicated that
> Warrant Canaries would probably be grounds for prosecution of violation of
> the non-disclosure order.
>
>  - Y
>
> On Friday, October 11, 2013, Adrian Zaugg wrote:
>
>>
>> Dear all
>>
>> After having read the whole NSA thread on this list, it came up to my
>> mind that pfsense web GUI could declare itself "conform to US laws" upon
>> the point when there are known backdoors included or otherwise the code
>> was compromised on pressure of govermental authorities. It would be the
>> sign for the users to review the code and maybe to fork an earlier
>> version and host it in a free country, where the protection of personal
>> data is a common sense and national security is not so much an issue.
>>
>> Regards, Adrian.
>>
>
>
> Hi Yehuda,
>
> inspired by the keyword you dropped, I researched a little bit and found:
> https://en.wikipedia.org/wiki/Warrant_canary
> It seems that you are correct: What Adrian suggests, is called a Warrant
> canary.
> In the wikipedia article it says that: "The intention is to allow the
> provider to inform customers of the existence of a subpoena passively,
> without violating any laws. The legality of this method has not been tested
> in any court." Is that wrong or in conflict with what you wrote?
>
> In the case that it would indeed be prosecuted in the USA, we could
> consider to host the project in another country.
> In this case it would be interesting to investigate what needs to be
> hosted elsewhere: The source code versioning control system? The company
> behind pfSense (ESF)?
>
> I guess that the best solution would be to incorporate pfSense itself and
> untie it from ESF. Many other free software projects have done so recently.
> The most prominent example is Libre Office which is now "owned" by the
> Document Foundation (https://en.wikipedia.org/wiki/Document_Foundation).
> The "owned" refers to e.g. the brand name, since the software itself is
> free software, it is not owned by anybody.
>
> So summarizing:
> If pfSense would be incorporated as a foundation at some place (many
> countries would be possible) outside the USA, it could be a solution to
> this I guess.
>
> Regards
> Thinker Rix
>
> ___
> List mailing list
> List@lists.pfsense.org
> http://lists.pfsense.org/mailman/listinfo/list
>
>


-- 
The greatest dangers to liberty lurk in insidious encroachment by men of
zeal, well-meaning but without understanding.   -- Justice Louis D. Brandeis
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] naive suggestion: conform to US laws

[Walter Parker]

As I see it, there are are two things that can happen here

1) NSA breaks into pfSense without knowledge of the staff => The only
solution is source code and binary review. This is not an option for people
like Thinker Rix or other non coders. The mostly spot for this to happen is
upstream from the project (in FreeBSD itself, in the libraries that FreeBSD
uses). This will require resources outside of the pfSense project to
validate.

2) NSA forces pfSense to put a backdoor in the software. Tells pfSense to
be quite about it.

The results of 2) are that either pfSense stays quite or they tell.
i) If they stay quite, then the only solution is the same answer as for 1),
independent evaluation.
ii) If they tell, then the project is over as they will be busy fighting
the government. They can be arrested for telling. Depending on the Judge,
any said or done that tips off someone that the project has a NSL, can be
taken as a violation.

What do you expect from the project? That they promise that they have not
been subverted and further promise to tell you when/if there are subverted,
regardless of the personal and financial costs to them?

This is a free project...  What is reasonable to expect from any project
like this?

Once we question trust in the project, the only reasonable course of action
is independent evaluation. Guess what, that is what the Government does
when it evaluates software. In fact, that is one of the NSA's other jobs.
This does, however, make software much more expensive. How to we get a
trusted evaluation of the software?



On Fri, Oct 11, 2013 at 10:46 AM, Thinker Rix wrote:

> On 2013-10-11 12:57, Adrian Zaugg wrote:
>
>> After having read the whole NSA thread on this list, it came up to my
>> mind that pfsense web GUI could declare itself "conform to US laws" upon
>> the point when there are known backdoors included or otherwise the code
>> was compromised on pressure of govermental authorities. It would be the
>> sign for the users to review the code and maybe to fork an earlier
>> version and host it in a free country, where the protection of personal
>> data is a common sense and national security is not so much an issue.
>>
>
> I think that your idea is worth further consideration.
>
> As I just answered to other postings of this thread, by my comprehension
> infiltrating firewall software such as pfSense should be highly interesting
> for NSA, etc. because they would get a grip onto your internal and VPN
> traffic.
> So it should be only a matter of time, that they knock the door at ESF and
> force them to do things they don't like. We all - as a community - should
> think and act pro-actively to that and take appropriate measures to protect
> pfSense, ESF and the key people such as Chris Buechler and his partners
> from this realistic thread in time.
>
> Best regards
> Thinker Rix
>
> __**_
> List mailing list
> List@lists.pfsense.org
> http://lists.pfsense.org/**mailman/listinfo/list
>



-- 
The greatest dangers to liberty lurk in insidious encroachment by men of
zeal, well-meaning but without understanding.   -- Justice Louis D. Brandeis
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] naive suggestion: conform to US laws

[Thinker Rix]

On 2013-10-11 16:20, Yehuda Katz wrote:
Probably would not work (or would get whoever did that thrown in 
jail). This is similar to a Warrant Canary, but the USDoJ has 
indicated that Warrant Canaries would probably be grounds for 
prosecution of violation of the non-disclosure order.


- Y

On Friday, October 11, 2013, Adrian Zaugg wrote:


Dear all

After having read the whole NSA thread on this list, it came up to my
mind that pfsense web GUI could declare itself "conform to US
laws" upon
the point when there are known backdoors included or otherwise the
code
was compromised on pressure of govermental authorities. It would
be the
sign for the users to review the code and maybe to fork an earlier
version and host it in a free country, where the protection of
personal
data is a common sense and national security is not so much an issue.

Regards, Adrian.




Hi Yehuda,

inspired by the keyword you dropped, I researched a little bit and 
found: https://en.wikipedia.org/wiki/Warrant_canary
It seems that you are correct: What Adrian suggests, is called a Warrant 
canary.
In the wikipedia article it says that: "The intention is to allow the 
provider to inform customers of the existence of a subpoena passively, 
without violating any laws. The legality of this method has not been 
tested in any court." Is that wrong or in conflict with what you wrote?


In the case that it would indeed be prosecuted in the USA, we could 
consider to host the project in another country.
In this case it would be interesting to investigate what needs to be 
hosted elsewhere: The source code versioning control system? The company 
behind pfSense (ESF)?


I guess that the best solution would be to incorporate pfSense itself 
and untie it from ESF. Many other free software projects have done so 
recently. The most prominent example is Libre Office which is now 
"owned" by the Document Foundation 
(https://en.wikipedia.org/wiki/Document_Foundation). The "owned" refers 
to e.g. the brand name, since the software itself is free software, it 
is not owned by anybody.


So summarizing:
If pfSense would be incorporated as a foundation at some place (many 
countries would be possible) outside the USA, it could be a solution to 
this I guess.


Regards
Thinker Rix
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] naive suggestion: conform to US laws

[Thinker Rix]

On 2013-10-11 12:57, Adrian Zaugg wrote:

After having read the whole NSA thread on this list, it came up to my
mind that pfsense web GUI could declare itself "conform to US laws" upon
the point when there are known backdoors included or otherwise the code
was compromised on pressure of govermental authorities. It would be the
sign for the users to review the code and maybe to fork an earlier
version and host it in a free country, where the protection of personal
data is a common sense and national security is not so much an issue.


I think that your idea is worth further consideration.

As I just answered to other postings of this thread, by my comprehension 
infiltrating firewall software such as pfSense should be highly 
interesting for NSA, etc. because they would get a grip onto your 
internal and VPN traffic.
So it should be only a matter of time, that they knock the door at ESF 
and force them to do things they don't like. We all - as a community - 
should think and act pro-actively to that and take appropriate measures 
to protect pfSense, ESF and the key people such as Chris Buechler and 
his partners from this realistic thread in time.


Best regards
Thinker Rix
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] naive suggestion: conform to US laws

[Thinker Rix]

On 2013-10-11 13:54, Przemysław Pawełczyk wrote:


On Fri, 11 Oct 2013 11:57:52 +0200
Adrian Zaugg  wrote:



(...)
mind that pfsense web GUI could declare itself "conform to US laws"
(...) It would be the sign for the users
Regards, Adrian.

Excellent idea. Really. But that would kill the project probably.


I am not sure that I understand what you mean. Is it what you want to 
say: In the case that the security software that you use gets 
infiltrated, you would prefer not learning about this fact, but just 
continue using it?


Greetings
Thinker Rix
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] naive suggestion: conform to US laws

[Thinker Rix]

On 2013-10-11 16:37, Seth Mos wrote:

On 11-10-2013 11:57, Adrian Zaugg wrote:

Dear all

After having read the whole NSA thread on this list, it came up to my
mind that pfsense web GUI could declare itself "conform to US laws" upon
the point when there are known backdoors included or otherwise the code
was compromised on pressure of govermental authorities. It would be the
sign for the users to review the code and maybe to fork an earlier
version and host it in a free country, where the protection of personal
data is a common sense and national security is not so much an issue.

?

And which country would that be?


There are many countries which would be a possibility . If wiretapping 
is done there or not is not so relevant. Relevant is, if the authorities 
can and do inject backdoors into the project by legal force.



Pretty much everything we have in pfSense is checked in the version
control system. Even in the beginnings (0.83) with CVS. Even our builder
scripts are in a RCS system, and it verifies all checksums on external
(mostly FreeBSD ports) software we download for the build.


I am not an expert, but in the NSA-thread above there have been examples 
given, how CVS can be circumvented. Also, the gap between the sources 
and the binaries could possibly be an port of entry for nasty stuff I guess.
Again: The real threat by my comprehension is not some "guy in the 
internet" trying to place malicious code into the code base, but simply 
and plainly some NSA officers knock the door an force the project 
leaders to do it.



The way the most intelligence agencies these days perform the wire
tapping is by getting a switch mirror port at a internet exchange. Even
fiber optics can be tapped without too much problems.


Yes, they do that. And much more, because they do not restrict 
themselves to a single source. They e.g. get the data from the data 
providers (google, facebook, amazon, etc.) AND wiretap the internet 
backbones AND program trojan horses to send them to their peoples (see 
e.g. https://en.wikipedia.org/wiki/Bundestrojaner#Staatstrojaner) AND 
collect geolocation data from your mobile phone provider AND force your 
encrypted-email provider to hand out their SSL keys to them AND ... etc. 
etc. etc.


But: With all those methods they can only collect EXTERNAL data. With 
exception the mentioned trojan horse, they do not as easily get your 
INTERNAL data, e.g. the data that circulates between the computers of 
your intranet.
By infiltrating a firewall software such as pfSense, they could get a 
grip onto the most important neuralgic point of the intranet, since much 
of the internal traffic flows over this box. Think e.g. about all that 
VPN traffic that flows over the firewall, e.g. because a company 
connects many branches via VPN...
So: Getting a grip onto the firewall would surely be highly interesting 
for them...



In .NL all large ISPs have a mandatory wiretap in place that stores
datetime stamped headers of the internet traffic for discovery purposes
from the authorities. The best part of this, it is paid for by the
customers, since the ISP needs to pay for the system and storage.


Yes, but see above.


Regards,

Seth


Regards
Thinker Rix
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] naive suggestion: conform to US laws

[Chris Bagnall]

On 11/10/13 2:37 pm, Seth Mos wrote:

And which country would that be? I mean the Brittish MI4? tapped the
Belgian telecom network for over a year to listen into the EU politicians...


Who is this MI4 of whom you speak? :-)

In very broad terms, UK to USA equivalents would be as follows:

GCHQ = NSA
MI5 = FBI (though the FBI has a much wider remit)
SIS (sometimes erroneously referred to as MI6) = CIA

On 11/10/13 2:37 pm, Seth Mos wrote:

In .NL all large ISPs have a mandatory wiretap in place that stores
datetime stamped headers of the internet traffic for discovery purposes
from the authorities. The best part of this, it is paid for by the
customers, since the ISP needs to pay for the system and storage.


There have been attempts to do similar in the UK, but ISPA (our industry 
body) has fought pretty hard against it. It seems to have died for now, 
but I've no doubt that future governments (or home secretaries) will try 
and resurrect it at every possible opportunity.


Kind regards,

Chris
--
This email is made from 100% recycled electrons
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] naive suggestion: conform to US laws

[Seth Mos]

On 11-10-2013 11:57, Adrian Zaugg wrote:
> Dear all
> 
> After having read the whole NSA thread on this list, it came up to my
> mind that pfsense web GUI could declare itself "conform to US laws" upon
> the point when there are known backdoors included or otherwise the code
> was compromised on pressure of govermental authorities. It would be the
> sign for the users to review the code and maybe to fork an earlier
> version and host it in a free country, where the protection of personal
> data is a common sense and national security is not so much an issue.

?

And which country would that be? I mean the Brittish MI4? tapped the
Belgian telecom network for over a year to listen into the EU politicians...

I don't see the point in this.

I've been a developer since november 2005 and since that time I have
never seen any evidence that this is the case. Not to downplay the trust
issue, it is always good to do a background check on what we put into
pfSense (which we do).

Pretty much everything we have in pfSense is checked in the version
control system. Even in the beginnings (0.83) with CVS. Even our builder
scripts are in a RCS system, and it verifies all checksums on external
(mostly FreeBSD ports) software we download for the build.

The most realistic way to get a backdoor in pfSense would have to come
from a upstream source. And FreeBSD generally has this properly in order
and a security team that acts properly.

The way the most intelligence agencies these days perform the wire
tapping is by getting a switch mirror port at a internet exchange. Even
fiber optics can be tapped without too much problems.

In .NL all large ISPs have a mandatory wiretap in place that stores
datetime stamped headers of the internet traffic for discovery purposes
from the authorities. The best part of this, it is paid for by the
customers, since the ISP needs to pay for the system and storage.

Regards,

Seth
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] naive suggestion: conform to US laws

[Seth Mos]

On 11-10-2013 11:57, Adrian Zaugg wrote:
> Dear all
> 
> After having read the whole NSA thread on this list, it came up to my
> mind that pfsense web GUI could declare itself "conform to US laws" upon
> the point when there are known backdoors included or otherwise the code
> was compromised on pressure of govermental authorities. It would be the
> sign for the users to review the code and maybe to fork an earlier
> version and host it in a free country, where the protection of personal
> data is a common sense and national security is not so much an issue.

?

And which country would that be? I mean the Brittish MI4? tapped the
Belgian telecom network for over a year to listen into the EU politicians...

I don't see the point in this.

I've been a developer since november 2005 and since that time I have
never seen any evidence that this is the case. Not to downplay the trust
issue, it is always good to do a background check on what we put into
pfSense (which we do).

Pretty much everything we have in pfSense is checked in the version
control system. Even in the beginnings (0.83) with CVS. Even our builder
scripts are in a RCS system, and it verifies all checksums on external
(mostly FreeBSD ports) software we download for the build.

The most realistic way to get a backdoor in pfSense would have to come
from a upstream source. And FreeBSD generally has this properly in order
and a security team that acts properly.

The way the most intelligence agencies these days perform the wire
tapping is by getting a switch mirror port at a internet exchange. Even
fiber optics can be tapped without too much problems.

In .NL all large ISPs have a mandatory wiretap in place that stores
datetime stamped headers of the internet traffic for discovery purposes
from the authorities. The best part of this, it is paid for by the
customers, since the ISP needs to pay for the system and storage.

Regards,

Seth
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] naive suggestion: conform to US laws

[Yehuda Katz]

Probably would not work (or would get whoever did that thrown in jail).
This is similar to a Warrant Canary, but the USDoJ has indicated that
Warrant Canaries would probably be grounds for prosecution of violation of
the non-disclosure order.

- Y

On Friday, October 11, 2013, Adrian Zaugg wrote:

>
> Dear all
>
> After having read the whole NSA thread on this list, it came up to my
> mind that pfsense web GUI could declare itself "conform to US laws" upon
> the point when there are known backdoors included or otherwise the code
> was compromised on pressure of govermental authorities. It would be the
> sign for the users to review the code and maybe to fork an earlier
> version and host it in a free country, where the protection of personal
> data is a common sense and national security is not so much an issue.
>
> Regards, Adrian.
> ___
> List mailing list
> List@lists.pfsense.org 
> http://lists.pfsense.org/mailman/listinfo/list
>


-- 
Sent from a gizmo with a very small keyboard and hyper-active auto-correct.
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] naive suggestion: conform to US laws

[Przemysław Pawełczyk]

Excellent idea. Really. But that would kill the project probably.

Regards,

On Fri, 11 Oct 2013 11:57:52 +0200
Adrian Zaugg  wrote:

> (...)
> mind that pfsense web GUI could declare itself "conform to US laws"
> (...) It would be the sign for the users
> Regards, Adrian.

-- 
Przemysław Pawełczyk (P2O2) - p...@blast.pl 
The Snapshots My Way - http://pp.blast.pl


pgpOHBlwduczr.pgp
Description: PGP signature
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

[pfSense] naive suggestion: conform to US laws

[Adrian Zaugg]

Dear all

After having read the whole NSA thread on this list, it came up to my
mind that pfsense web GUI could declare itself "conform to US laws" upon
the point when there are known backdoors included or otherwise the code
was compromised on pressure of govermental authorities. It would be the
sign for the users to review the code and maybe to fork an earlier
version and host it in a free country, where the protection of personal
data is a common sense and national security is not so much an issue.

Regards, Adrian.
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list