Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
A bit late in the day, but... If you were going to compromise a distro then Debian and Red Hat would be the obvious ones to go for as they're more or less the root distros of all others (Arch and Slackware aside). Compromise Debian and you compromise Ubuntu and all its spin-offs. Compromise Red Hat and you have the Corporate sector in the palm of your hand. That's a lot of distros and a lot of data that's yours for the taking. Further - given that the current kernel has around 15 million lines of code in it, just how many hundreds of millions of lines of code are in the average distro? And these are all watched? All the time? And everyone watching them is 100% open hearted, honest and incorruptible? Seems a little unlikely. Particularly given the fact that much of what is in GNU/Linux is Corporately developed or payrolled and the levels of double-mindedness that Corporate employees display are more than well documented. There is the now infamous incident where Linus Torvalds was asked if he had been approached by the NSA and he said no whilst nodding. And it all seems so gentlemanly, as though they said "We don't suppose you'd be willing to compromise the kernel? No? We didn't think so, oh well it was worth a try" and not "if you value your children's lives, you'll do as you're told" or, far more likely, they found someone on the kernel dev team who had a weakness, or need of money and as such was turnable. And no one is going to submit a patch with the P.S. "I've been approached by the NSA and they asked me to put a back door in this, so be aware..." And even if none of this is true, fear and suspicion will destroy a community far more effectively than infiltrating it will. So a whisper here and a carefully crafted blog post there and suddenly everyone's behaving like that scene in the Clint Eastwood movie where we're all standing in a graveyard, eyeing each other warily, hands hovering over guns, waiting for someone to make the first move.
Divide and rule has been practiced for millennia and whilst those who practice such methods have millennia of archives and manuals on how to do it, those who resist seem to have to relearn, from the ground up, in each and every generation. That said, it's now known that backdoors are being built into the hardware and are designed to be OS agnostic, so it matters little whether Debian has been compromised, if it's running on compromised hardware. And to my mind, the development of OS agnostic backdoors in the hardware is a direct response to OpenSource software. "Think you've outsmarted us, just because you use Linux?" I read the article and the lengthy debate. It comes down to paranoia (a very healthy attitude considering all we now know) vs trust. All the arguments for trust are based on an appeal to the majority or on a specific lack of evidence of corruption. Neither are valid arguments. So, either I learn all the necessary languages and then audit the code myself (for who else can I really trust?) or I have to 'hope for the best' despite overwhelming evidence to the contrary. The former is impossible and the latter is no choice worth making. I have zero expectations of privacy. Regardless of what software I use, there is no escape from State surveillance. Even if there was a 100% clean OS, my ISP is spying on me anyway. This post I'm typing on my nice 100% libre OS, will still be sent through servers, in a series of packets and it's almost certain that they can be read by those I have not given permission to. So why bother at all then? For me, it's about personal morality. I believe in marriage, but I don't entertain ideas that because I believe in marriage that this will lead to an end to one night stands, or divorce. But neither will I say "marriage is going out of fashion so I won't bother either". I tend to regard the majority as unsavable.
They are blind, deaf and dumb; deprived of the wherewithal to make informed decisions and programmed to despise those who do. So all we have is our little corner of the world and it's good to find others who feel the same way, albeit in varying degrees. But changing the world for the better? Not going to happen. That doesn't mean don't try, it just means be realistic about our chances and be ruthlessly discerning over who says what and why. If your first reaction to "Debian owned by the NSA" was anger, then you're almost certainly not thinking straight about the deeper issues. The title was intentionally provocative, to get people to read it, to try to get people to think beyond the badges and sales slogans that we're all familiar with and over which we should, by now, be very questioning, regardless of who states them. When a High Street Bank says "the name you can trust", anyone who watches the news will fall about laughing. Even the Co-Op bank (here in the UK) has abandoned ethical practices and is now
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
It is informative when you read documentation by the OpenBSD teams, one of the more secure distros. They assert that even a locked-down OS is useless if the user is careless. There is a series of behaviors and precautions a user needs to take when handling sensitive information. At best, you can make it very difficult for an attacker to get at the information. If an attacker is determined, s/he can get at the materials in question--but you can influence when. There are many ways to check if your computer is being compromised. Read some of the docs on openssh, really informative stuff. I am not saying use OpenBSD, but taking cues from some of their practices in safeguarding an OS is helpful. There is a lot to be learned from other Distros and it is unfortunate when some adopt a 'turf war' mentality. A diverse ecosystem of OS's is a positive thing and I am always happy when new, independent OS' are forked/developed.
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
I suppose it is quite a good thing that Windows is so popular because it means that people who like to crack computer security, or make software that does it for them, target Windows, not us GNU/Linux users.
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
laigualdad at riseup.net wrote: As to what Julian Assange said, he mentioned that Debian's package system design (where things depend on each other) is somehow an insecure design because all it takes is compromising one or a few packages. Does he know what he is talking about, or is there an apparently more secure design approach to operating systems? Let's review what he said. I watched the video and typed in this transcript from what I heard him say. === Questioner: Now, one of the big topics here is open source and I'm wondering whether the fact that you have an open system where everyone knows how it works would make encryption more secure than a closed system? Assange: We know from experience that it does seem to be the case; that there's a vast number of closed source snake oil encryption systems being spread around. Now we know that open source is not entirely a solution. For example, there was an encryption bug in Debian's version of SSH in the random number generator which existed for years and that was all open source. Now it was eventually found and revealed also because it is open source. But the way things are done now is bug doors: these are back doors designed to look like bugs. And what is the security of the programmers who are involved in some of these open source systems? Can you, when they update their code, can you implant what looks like a bug, even a typo that carries through? Or, say, look at a system like Debian, the various kinds of Unix systems. Look at all the packages they include. Look at the upstream binaries -- dependencies upon dependencies upon dependencies. All you need to do is compromise one of these dependencies and then there's a flow through and these all get embedded. I mean, these modern systems now, are assemblages of incredible intellectual content which is being developed all over the world over the past 10 years by many different players. 
It is the nature of our CPUs that there is only a few, you know, maybe 3, different security layers in our systems. But when you pull together thousands of packages all together it's pretty hard to resist the security compromises that are engineered by nation-states. It doesn't mean that it's not worth trying and increasing the cost of owning the world. === I don't immediately see how interdependency is inherently insecure nor do I see how interdependency is avoidable. I would like to know more about a design that avoids interdependency. I figure this is basically impossible because every OS I know of runs programs atop system libraries. So if there's a vulnerability in a system library, every application inherits that vulnerability unless it takes steps to work around the issue. In the Free Software world I doubt developers do this because developers can patch the system code and use the system code as intended. The only approach I can see to solving this issue is the hard work developers and distributors should be doing anyhow: greatly reduce the number of packages in the distribution to those packages one can vet, and then keep up with vetting source code and updates for those packages. This is certainly work worth paying people to do (in other words, a commercial opportunity unique to Free Software). Any OS distribution aiming to do this would be wise to start with a 100% Free Software system like Trisquel. By the way, I do not mean to say open source or FLOSS here instead of Free Software. The open source movement is ready to accept non-free software out of convenience and adherence to its developmental methodology which was designed to ignore software freedom. Such goals directly contradict the purpose of the work I just described. Also: author seems to think Red Hat rules the GNU/Linux universe. What? 
The blog author doesn't defend some of the points made in the article on http://igurublog.wordpress.com/2014/04/08/julian-assange-debian-is-owned-by-the-nsa/ therefore I can't take that article too seriously. A lot of that article is guilt by association -- Red Hat has US government contracts, therefore Red Hat is a suspect in getting insecurities into software they distribute (software that could be distributed further by others, such as the Linux kernel). There's little point in distinguishing between proprietors and the US Government, but that doesn't make the Heartbleed bug an NSA plant nor does it mean Finland outed the NSA here. There's no clear evidence of Heartbleed being anything but a mistake. I don't buy guilt-by-association reasoning in this context precisely because of the freedoms of Free Software -- so long as people have these freedoms we have the tools we need to look out for our interests if we're willing to apply the rigorous inspection and questioning that we also require. Eliminating non-free software is a major step down that road (thanks to
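The "flow through" in the transcript above and the vetting set proposed in this post can both be computed from package metadata. The following is an added example, not part of the original thread: it parses stanzas in the dpkg control format, then reports which installed packages inherit a compromise of one dependency and which packages must be vetted to trust one application. The dependency data and the function names are constructed for illustration.

```python
import re
from collections import defaultdict, deque

# Constructed sample in the dpkg control-stanza format (the layout used by
# /var/lib/dpkg/status). The dependency data is illustrative, not real.
SAMPLE_STATUS = """\
Package: openssh-server
Depends: libc6 (>= 2.17), libssl1.0.0 (>= 1.0.1), openssh-client

Package: openssh-client
Depends: libc6 (>= 2.17), libssl1.0.0 (>= 1.0.1)

Package: apache2
Depends: libc6, libssl1.0.0, debconf | debconf-2.0

Package: libssl1.0.0
Pre-Depends: multiarch-support
Depends: libc6 (>= 2.14),
 zlib1g (>= 1:1.1.4)

Package: zlib1g
Depends: libc6

Package: debconf

Package: multiarch-support
Depends: libc6

Package: libc6

Package: nano
Depends: libc6
"""


def parse_stanzas(text):
    """Return {package: set(direct dependency names)} from control stanzas."""
    graph = {}
    for stanza in re.split(r"\n\s*\n", text.strip()):
        # Continuation lines start with whitespace; fold them into the field.
        unfolded = re.sub(r"\n[ \t]+", " ", stanza)
        fields = {}
        for line in unfolded.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip().lower()] = value.strip()
        name = fields.get("package")
        if not name:
            continue
        deps = set()
        for field in ("pre-depends", "depends"):
            for clause in fields.get(field, "").split(","):
                # "a | b" lists alternatives; either may be the one installed,
                # so both are kept as possible edges.
                for alt in clause.split("|"):
                    # Drop "(>= version)" first, then any ":arch" qualifier.
                    dep = re.sub(r"\(.*?\)", "", alt).strip().split(":")[0]
                    if dep:
                        deps.add(dep)
        graph[name] = deps
    return graph


def closure(edges, start):
    """Every node reachable from start along edges, excluding start itself."""
    seen, queue = set(), deque([start])
    while queue:
        for nxt in edges.get(queue.popleft(), ()):
            if nxt not in seen and nxt != start:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def blast_radius(graph, compromised):
    """Installed packages that directly or transitively depend on `compromised`."""
    reverse = defaultdict(set)
    for pkg, deps in graph.items():
        for dep in deps:
            if dep in graph:          # ignore names that are not installed
                reverse[dep].add(pkg)
    return closure(reverse, compromised)


def must_vet(graph, wanted):
    """Installed packages whose code has to be trusted to trust `wanted`."""
    vet = set()
    for pkg in wanted:
        vet |= {pkg} | closure(graph, pkg)
    return {p for p in vet if p in graph}


GRAPH = parse_stanzas(SAMPLE_STATUS)

if __name__ == "__main__":
    for pkg in ("zlib1g", "libssl1.0.0", "libc6"):
        print(f"compromise of {pkg} reaches:", sorted(blast_radius(GRAPH, pkg)))
    print("to trust openssh-server, vet:", sorted(must_vet(GRAPH, ["openssh-server"])))
```

On a Debian-derived system the same functions can be fed the text of `/var/lib/dpkg/status` in place of the sample.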
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
RMS has mentioned this before in some of his talks. Free software is not a perfect solution from a privacy standpoint since the entire GNU/Linux system is so complex as it still requires eyes on all packages all the time which is hard. It requires some level of trust somewhere in compiled packages, but it sure beats non-free software. It really is the best anyone can do. At the end of the day you could compile the entire system yourself, but it's still impossible for you alone to know what is in the public source since you're just one person. Therefore we have to trust that somebody, somewhere, in some project, if they find a bug, or security hole, etc that they tell someone and fix it so that you can them know. Again it's not perfect, but what else can you do?
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
jodiendo, I read somewhere (who knows if it is true) that one US government agency had ~1,000 full time analysts who look for bad code to be used for potential exploits. Assuming other countries have something similar, in numbers alone, the free (and open) software movements would need similar thousands--full time equivalent--doing similar work and making fixes, rather than cataloging and saving exploits for later. This approach does not involve trust, which is what you asked about, but may well work better than trust. Just use plain old overwhelm and make the opposition's work more and more expensive and more and more difficult to justify and sustain. The problem with trust is that while it ought to be earned, the world is full of good guys and bad guys and corruptions within both groups who do not make the accounting easy or fair. Ideally they want to dispense trust or safety or privacy; to bless it, to control it, which in turn gives them an indirect control and status over all people who need to believe in those issues. And many people are ok with, and even welcome, a scenario of letting someone else do it, so that kind of trust system works, but doesn't really deliver what it promises. It takes work to accept and deal with trust issues, poor security, and the loss of privacy. Making the work harder is that there is no end point; the work is never finished, it is an ongoing process as they say...because good guys and bad guys keep figuring out new methods to accommodate their ends and needs. Personally I am still waking up to this reality and have difficulty accepting it. I have noticed it however and that is a start. There has been a compelling myth that freely readable software code has many eyes constantly checking and improving it. That myth must die today and no longer be recognized as real. From now on, it needs to become real. How to develop a real system of code checking that overwhelms the opposition would be helpful. How to arrange that? 
At this time, I do not know. There must be a way however.
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
The US government doesn't use the Tor network for encrypted communications... It uses its own separate networks, including Skynet-type of satellite ones, who are not open to civilian use. The Tor network is something only used by people who think they're going to escape the US or some other government's surveillance, by using such provenly insecure communications network. (Which might indeed work, to escape surveillance in less developed countries, who are not capable of intercepting and decrypting the communications in question - but, that won't work, if you're trying to escape surveillance from a government that the US one might be willing to pass on information to.)
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
The big problem here is Debian. They must include in their distribution all security programs and encryptions by default. They have a big responsibility because all major distributions are based on it, including Ubuntu. But they don't care at all about these aspects. I wonder why. Maybe Julian Assange is right. This is what Debian must do: (Jacob Appelbaum: Free software for freedom, surveillance and you) http://media.libreplanet.org/u/zakkai/m/free-software-for-freedom-surveillance-and-you/ https://www.youtube.com/watch?v=oE92vJn_Ls8
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
Apple backdoor: http://rt.com/usa/apple-nsa-ios-exploit-693/ Windows has backdoors too, see hunting in Windows: www.cryptome.org/2014/01/nsa-windows-event.pdf GNU/Linux is much more secure than anything else. Reverse engineering on proprietary software is not child's play these days. With GNU/Linux anyone can see the code and check everything, but the Linux kernel is designed and maintained by the guys who work in big corporations and are paid so well. The Linux kernel is not free. The kernel may be backdoored easily: millions of lines of code, while a few lines can fuck the entire hard work in the blink of an eye.
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
"Julian never stated that OS [Debian] in the video interview" Lie. Debian is specifically mentioned, at 21m and 47s in the interview, in a segment that can start at the following time mark: https://www.youtube.com/watch?v=UFFTYRWB0Tk#t=21m21s Concerning the validity of the title of the posted article, the term "owned", from what I can understand of modern-day English slang, is now used to mean that someone has obtained a partial or temporary control - or victory - over something - or someone - and, that has, therefore, defeated its integrity, or defences - or rhetoric. (http://www.urbandictionary.com/define.php?term=owned) (Look on YouTube for videos containing this term.)
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
Jacob Appelbaum... :) haha The present-day developer of a program created, and that is still financed, by the US government. :) (https://trisquel.info/en/forum/how-use-tor-trisquel#comment-26792) If there's any Free Software program here, that is actually owned by the NSA, and the likes, is the US Government's/Jacob Appelbaum's Tor network, known not to be secure - and that, therefore, serves as a very good trap for the more naïve. (I wouldn't listen to any advice coming from that US Government-helped hacker, that also works for the controlled corporate media...)
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
Not true. The people at WikiLeaks are denying that it was one of them who stated what is said in the title of that article - and, they're not necessarily refuting that author's /interpretation/ of the facts (which, as I stated below - https://trisquel.info/en/forum/julian-assange-debian-owned-nsa#comment-51971 - I consider to be a valid one, when the use of the term owned is clarified).
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
Thanks for the link. It's a good vid, watch it. But only after you've watched his CCC30 talk, to protect and infect part 2.
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
Well, ignoring that accusation made to myself, from someone whose profile reveals nothing about him or herself... So do the people who plant bugdoors in OpenSSL, and similar software, are great supporters for open source and strong encryption... Infowars has certainly done much more than Jacob Appelbaum, for the free community and the free society - since, there's much more to fight for in society, in terms of Freedom, than in the mere domain of which computer programs should people use. All that Appelbaum does for society, is: - To say, to the people who fear the US government's intrusion on their lives, for them to try to hide from Big Brother - which, as I've previously said, in here, is a counterproductive attitude to take (https://trisquel.info/en/forum/how-use-tor-trisquel#comment-26804). (While Infowars, and the likes, say for people to fight this type of outrageous surveillance, by neutralizing those same governmental threats to our privacy - which I consider to be the correct attitude, for one to have.) - And, also, to work for a clearly controlled mass media outlet, involved in the process of manipulating and lying to the masses, in order to keep them passive, obedient, and not a real threat to the same governmental-corporate interests that violate our privacy - as it is clearly shown by this publication's recent cooperation with Edward Snowden. Snowden is an obvious CIA/NSA puppet (with an incredible story, only to be swallowed by the more naïve - and by those not aware of what a fake desertion, often portrayed by intelligence assets, is - and) who's trying to control the debate about corporate-governmental intrusions in our lives.
(And, for people with no, to very little, experience in activism - and, that know nothing about the counter-actions that the mentioned corporate-governmental interests take, in order to fight its opposition - the key-terms used to describe this kind of operations, and that you should inform yourselves about, are described here: https://trisquel.info/en/forum/rms-alex-jones-tues-mar-11-2014#comment-50771) And, for Snowden to say that he uses a distribution based on the US Government's Tor network (implying that it's a safe one, that other people should use) it's just another clear indication of his true nature (https://trisquel.info/en/forum/rms-alex-jones-tues-mar-11-2014#comment-50798).
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
Trisq, Thank You for that accurate explanation. Like you said, "A corner has been turned. It's going to be harder now, and perhaps less fun, and less innocent." We must be more diligent and savvy, but I do ask these questions: HOW? When? What? Where? to start identifying the trustworthy? This issue has become the Hydra and especially, this old can of worms we don't want to be transmitting securely with. Thank You again.
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
Concerning bugs, I know that bugs are a usual occurrence, when writing computer code. And, even more, when we're talking about complex programs - as most programs, nowadays, increasingly are. If the bugs that are discovered in specific security features and programs, are there on purpose, or not... Given the very serious possibility that they might be (due to the obvious interest that some very rich and powerful people have, that these Free Software programs are not effectively secure)... It's something that we have to judge on a case by case basis, I believe. The author of the posted article thinks that some of the bugs discovered in the SSL and SSH protocols are there on purpose. And, I strongly suspect so, also. But, since that, even if they were indeed there on purpose, the people who put them there are never going to admit it - and, there's no way to prove it - we'll have to stay in the field of (strong or weak) suspicions, and/or possible interpretations. (Which everyone, like is the case of the author of that article, has a right to express.) I don't doubt that the Debian project (that I happen to like very much) is a serious/honest one. But, what I do know (and, from experience) is that every activist/progressive organization of an open nature, can be easily infiltrated, by people who have the required knowledge to participate in them. And, given the obvious interest that the powers-that-be have to also infiltrate this type of Free Software organizations... I'll let it for everyone to draw their own conclusions (or suspicions). :) Concerning the Tor network, Its story doesn't add up. Since that, if this was a tool built in order to escape the US government's surveillance apparatus, why would it then have been developed by the US government itself, and still be financially supported by it, to this day? (But, again... I'll let everyone draw their own conclusions.) 
Concerning the mass media, I also speak from experience, when I evaluate them (like I did) based on their behaviour. Since that, having been a citizen journalist myself, I used to follow their work pretty closely, noticing how they would hide and manipulate facts, and only give publicity to those issues and people that were in their (corporate) interest to call people's attention to. And so, I've come to be able to easily spot, nowadays, if I'm in the presence of a media outlet controlled by the big economic interests, or not. (But, this is something that I would have to argue much more about, in order to explain it better. And, since this is not the place to, I'll also leave it at that...)
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
While the OP claim against Debian isn't entirely valid (Julian never stated that OS in the video interview), much of the information is based on truth. We do know that many systems are intentionally infected - See: To Protect and Infect [30C3], and also the trail of strange Debian bugs which leave you extra vulnerable. https://ftp.ccc.de/congress/30C3/webm/ As Grsec states wisely concerning the GNU/Linux kernel development - The “many eyes” of open source are blind, uninterested, or selling to governments for profit (it’s not the 1992 AD scene anymore) - The Case for Grsecurity https://grsecurity.net/the_case_for_grsecurity.pdf While these systems are open, not enough people are pentesting them for vulnerabilities.
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
https://twitter.com/wikileaks/status/454246967124963328
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
You're not a reputable source. :/
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
Just to clarify for those who skim through the thread without clicking on the links, the link above by alimiracle (https://twitter.com/wikileaks/status/454246967124963328) is Wikileaks denying the claim in the OP's original article, which was spread on the usual conspiracy channels but has no basis in reality.
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
I'm not wasting time on this so here http://conspiracies.skepticproject.com/articles/alex-jones/
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
None of our people said this. Mr. Assange spoke about vulnerability of OS's to bribes and bugdoors in upstream components. Exactly
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
And, I'm not even going to waste my time debunking you, so here:
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
I talked about the number of people who maintain a distribution... And, there are a lot of people involved in Trisquel, besides the person responsible for the software itself. So what exactly is the benefit of a bunch of people submitting bugs and giving support in a forum? If you increase the number of those maintainers the amount of trust you will have to put into the main developer remains the same. I think you're trying to rationalize somehow why Trisquel should not be a small distro; most of the common small distros have many people involved just like Trisquel. Maybe you mean something different;
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
Darksoul71: Due to the sheer amount of code for the Kernel itself, all applications used and all the libs included it is close to impossible to validate code for possible implemented weaknesses / back doors. Yes. It seems many eyes saw the Debian bug, but that was not the end of it, it still became a massive mess in spite of the awareness. http://marc.info/?l=openssl-dev&m=114651085826293&w=2 Mr. Roeckx was known. http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x41DC1C907244970B and later http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x2064C53641C25E5D There is the idea that transparency or openness offers an automatic type purity or security to the code so much better than proprietary software, and that may be true...or should be true. However when errors are missed or minimized because of the assumption that so many eyes see the code that someone else will look into it, that is a problem. If too many people think along those lines, nobody is looking at the code, you know.
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
To all: The intellectual discourse on this issue has certainly been interesting, shady, with lots of negative political drama and black ops worth reading. But, what on earth do we do from here? What are the solutions without compromising and affecting deeper all the GNU/LINUX OSI source code, farther WHO DO WE TRUST?
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
Well the article OP linked is very questionable, if not at least misleading with regard to what Julian Assange actually said. Go here for what he actually said: https://www.youtube.com/watch?v=UFFTYRWB0Tk#t=1222 And his statement is essentially the same as FSF's: https://www.fsf.org/news/free-software-foundation-statement-on-heartbleed-vulnerability The author of the article (IgnorantGuru) is free to have their opinion on how corrupted GNU/Linux developers are, but Julian Assange never said nor even implied that Debian is either owned or in a conspiracy with the NSA. It is solely the author's conclusion. As to what Julian Assange said, he mentioned that Debian's package system design (where things depend on each other) is somehow an insecure design because all it takes is compromising one or a few packages. Does he know what he is talking about, or is there an apparently more secure design approach to operating systems? Also: author seems to think Red Hat rules the GNU/Linux universe. What?
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
It's really just a matter of transparency and organizing things to optimize that. You cannot have perfection.
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
Infowars is not a reputable source :/
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
jodiendo: But, what on earth do we do from here? What are the solutions without compromising and affecting deeper all the GNU/LINUX OSI source code, farther WHO DO WE TRUST? As an illustration, imagine a shantytown built by good people, not designed by architects and not built by licensed contractors. No blueprints, no building codes, no inspectors. The shelters work but are not ideal. Not saying that existing code is a shantytown, however didn't most of it grow into being rather than being planned and designed as a whole GNU/Linux system with exacting coding standards and oversight along the way? An intern is saying he caused the heartbleed exploit. http://www.forbes.com/sites/kashmirhill/2014/04/10/whats-really-scary-about-heartbleed/ Look at the effect of that goof. Given the project budget and manpower, they accomplished a lot, sadly including showcasing the fragility of web security. When you see software or patches uploaded by cloudchild or starlord or whatever, should we be comfortable with that? A corner has been turned. It's going to be harder now, and perhaps less fun, and less innocent. Maybe it is time for a formal community of code auditors and reviewers to be created. Piece by piece, step by step, every line checked, impossible as it seems.
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
I don't know if what you're asserting is true, but if I may, I'd like to point out that checksums show the contents of a file, not who made the file. If Canonical and the Trisquel team use the exact same method to compile a program (not incredibly unlikely), the checksums will be the same for both.
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
@quantumgravity: I have no doubt that Debian is compromised in pretty much the same way as every GNU Linux distribution is compromised as well. Due to the sheer amount of code for the Kernel itself, all applications used and all the libs included it is close to impossible to validate code for possible implemented weaknesses / back doors. Also let's not forget that areas with a high complexity are not really understandable for most devs. This applies to critical areas like lib OpenSSL and possibly a lot more. Of course this is no argument against free software. No-one said so.
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
Actually, I do include Debian among those non-profit organizations with a pro-Free Software policy... Since, I can understand the (practical) need for a proprietary repository, for those people who really need to use non-free programs. And, I think it's better to have one such repository that is maintained by a pro-Free Software organization, than a corporate one. (One organization doesn't have to be pure, in that aspect, to be included in my such label/description...) Although I, obviously, prefer the non-profit organizations that distribute /only/ Free Software - and consider them to be the champions of pro-Free Software policies - I do believe in the sincere effort of the people at Debian, in trying to make people come to the Free Software side, by serving as a bridge for those who, for various reasons, can't afford to use only Free Software. (As far as I know, Debian appeared at a time when it was not even possible - or almost - to have a home computer working decently, without the use of proprietary drivers and/or programs... And, it was by starting to use Debian-derived distros that I eventually got to Trisquel.) The people at Debian did, eventually - when they could(?) - rid the Linux kernel of proprietary blobs, and continue to make a very clear distinction between free and proprietary software, by forcing people to activate a separate repository, if they really want to use proprietary programs (and, therefore, forcing them to be completely aware of such decision and distinction). It was even on the Debian project's web pages that I learned what Free Software was all about, and got to read the GNU GPL.
As I said in here, previously, (https://trisquel.info/en/forum/how-many-people-are-working-trisquel-which-libre-linux-distro-has-most-developers#comment-42517) I believe their decision to have a proprietary repository to be one that is forced by practical aspects (even though it goes against their intentions) and, not one made out of indifference, for the whole idea of Free Software.
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
When I mentioned smaller distros, I meant the *small* ones, that are maintained by half-a-dozen people, or so - who reveal very little about themselves. And, what I meant, overall, was that:
- I don't trust such small distributions.
- And, concerning the big ones, I don't trust the ones that have corporations behind them.
Leaving only the big ones that are made/maintained by well-known non-profit (serious) organizations the ones that I'm willing to try. (Trisquel, with its large number of volunteers, involved in it, is big enough, to fit my description.)
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
:) I don't necessarily have to know someone personally, in order to trust him, or her. I just have to know him, or her, well enough - as I would, if I had the opportunity to relate with such a person. (1) And, alternatively, one can reveal (very much) about one's true nature, just by the nature of one's work. (2) Meaning that... (1) People like Richard Stallman, for example, reveal a lot about themselves, in the public talks they give - which are a very good way to know what kind of persons they are. And, (2) one very good way to judge a person, is by the nature of the work they do. (Like in the saying, judge a tree by its fruits.)
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
Google is a front for the CIA/NSA. (http://www.infowars.com/group-calls-for-hearings-into-googles-ties-to-cia-and-nsa/) And, it repeatedly censors people who use their services - including myself. (http://blackfernando.blogspot.pt/2013/03/como-o-youtube-censura-os-meus.html) The reason why many people, who are aware of this, still use its services, is because they're still the services used by most people who are not aware of all this. (And so, if you post a video on YouTube, it surely will be seen by many more people, than if it was posted elsewhere.) But, yes... This is all revealing to be counterproductive, to the powers-that-be. Being that the reason why the Internet, itself, (at least, as we know it) won't last for long. (https://trisquel.info/en/forum/internet-censorship-authoritarian-countries#comment-30744)
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
This doesn't make any sense at all; trisquel has exactly one developer. It's the prime example of a small distro.
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
I talked about the number of people who maintain a distribution... And, there are a lot of people involved in Trisquel, besides the person responsible for the software itself. There are many libraries and programs which also have only one person responsible for them, in its origin. And, I could never know every one of those same persons... The trust is never absolute. But, with a large number of (clearly) well-intended people involved in a distribution, that trust can be much higher than in other situations.
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
After Reading some more of The 'Fine' Manuals, including Debian's docs then here: https://trisquel.info/en/wiki/how-trisquel-made I stand corrected, many binary packages are copied verbatim - so Thank You. Of course, the checksums being the same is of itself not enough to go on. A fully self compiling one person distro would conceivably write a script to fix the file timestamps etc in their own version of the .deb so a compare against the original can be done and a lot of compilation log surfing avoided. Which would seem to be what's needed here.
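Added example, not part of the thread: a timestamp-insensitive comparison of two package payloads, the kind of check the post above asks for. It assumes the payload tar has already been extracted from each .deb (for instance with `dpkg-deb --fsys-tarfile`); the archives, file names and contents below are constructed in memory.

```python
import hashlib
import io
import tarfile


def manifest(tar_bytes):
    """Map member path -> (type, mode, uid, gid, link target, sha256 of content).

    mtime is left out on purpose, so two builds that differ only in
    timestamps produce equal manifests.
    """
    out = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for m in tar:
            digest = ""
            if m.isfile():
                digest = hashlib.sha256(tar.extractfile(m).read()).hexdigest()
            out[m.name] = (m.type, m.mode, m.uid, m.gid, m.linkname, digest)
    return out


def diff_payloads(a_bytes, b_bytes):
    """Return sorted paths missing on one side or differing in content/metadata."""
    a, b = manifest(a_bytes), manifest(b_bytes)
    return sorted(p for p in a.keys() | b.keys() if a.get(p) != b.get(p))


def build_tar(files, mtime):
    """Constructed sample input: a small in-memory tar with a fixed mtime."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size, info.mtime, info.mode = len(data), mtime, 0o755
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


FILES = {"usr/bin/tool": b"\x7fELF-constructed", "usr/share/doc/tool/README": b"docs\n"}
upstream = build_tar(FILES, mtime=1300000000)
rebuilt = build_tar(FILES, mtime=1400000000)   # same content, later build time
patched = build_tar({**FILES, "usr/bin/tool": b"\x7fELF-modified"}, mtime=1400000000)

if __name__ == "__main__":
    print(upstream == rebuilt)                  # raw bytes differ, so checksums differ
    print(diff_payloads(upstream, rebuilt))     # no differences once mtime is ignored
    print(diff_payloads(upstream, patched))     # the modified file is reported
```

Differences that survive this comparison come from file content or ownership and mode, which is where a reviewer's attention belongs.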
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
This shouldn't even be a thread. It is just information on a blog that is shoving words into Julian's mouth. Here's the link for the video. https://www.youtube.com/watch?v=UFFTYRWB0Tk&t=20m He just uses an example from Debian's bug to illustrate a point about backdoors that are disguised as bugs. Should we be checking Trisquel? Yes, but jumping to conclusions is illogical. Sort of like this (from the blog): "Assange mentions how Debian famously botched the SSH random number generator for years (which was clearly sabotaged – a known fact" He provides no sources. There is no way to tell if a program was purposely sabotaged but with auditing and open-source we can check and fix those problems. Please no more of giving these nuts that'll use their own blogs as a soapbox on this forum. It's just FUD.
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
I am merely saying that, with source code availability, Trisquel has the ability to.
[Trisquel-users] Julian Assange: Debian Is Owned By The NSA
here the link: http://igurublog.wordpress.com/2014/04/08/julian-assange-debian-is-owned-by-the-nsa/
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
This looks like FUD to me.
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
Haven't watched the video yet, so I have no idea what Assange is saying, but the wordpress.com guy is a typical basket case. Conspiracy theory all the way - almost entirely noise.
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
Do the big corporate entities, in control of the US government, have an interest in infiltrating and subverting every Free Software-related organization? (Most definitely, they do.) Does the US government have a habit of infiltrating and sabotaging organizations opposed to the corporate interests that it serves? (Yes, it does.) Has the US government infiltrated any main/big Free Software-related organization, with the above-mentioned purposes? (I don't know... But, I most definitely wouldn't be surprised to learn that... And, the known facts, revealed in that article, point to that suspicion...) For these reasons, I'm not surprised to read (and listen to) this, concerning Debian... And, I already didn't trust any corporate GNU/Linux distributions. (Including: Red Hat, that has deep ties with the US government; and Ubuntu, that even uses the same design as the British equivalent of the NSA.) And, since I don't personally know any of the people responsible for other smaller distros, that have benevolent dictators for life, in front of them, I don't know if I can trust them, or not. For these reasons, only the distributions made by non-profit organizations, that have a clear and transparent pro-Free Software policy, are the ones that I put my confidence in. Although, it's never a /total/ confidence. Since, I know (from experience) how every activist/progressive organization can be infiltrated and subverted, to different extents. Thanks for sharing that most interesting piece of news, bitbit.
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
"And, since I don't personally know any of the people responsible for other smaller distros, that have benevolent dictators for life, in front of them, I don't know if I can trust them, or not."

You mean like trisquel?

"For these reasons, only the distributions made by non-profit organizations, that have a clear and transparent pro-Free Software policy, are the ones that I put my confidence in."

You mean like debian?
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
In late 2010 OpenBSD experienced something similar. It is interesting to look at the details of that case. Awful lot of connections but apparently nothing big came of it or so they all say. http://marc.info/?l=openbsd-tech&m=129236621626462&w=2 A few days later... http://lwn.net/Articles/420858/ I'm not sure what I believe, but I can say that this type of thing introduces distrust which takes more time and energy to overcome or to verify.
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
Thanks for the link. I never knew Poul-Henning Kamp exists. But he has a clear mind. And an admirable focus power. I mean the questions were asked by complete morons. No wonder OpenSSL is a mess, a painter would be more qualified to do C code than a CS major with ethics and understanding the level of Marvel comics. Sometimes I feel it is degrading to have IT guys and theologians qualify for a University degree when they are less qualified than a stone mason.
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
Couldn't help myself noticing the irony. So we believe in a conspiracy. And everybody is out to get the poor user. And Google is evil. And NSA protects Google or the other way around. So we make a video. We're going to distribute it through a Google service, a service that watermarks the files and in closed formats. With such followers Assange is a dead man living on stolen time.
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
Knowing Rubén personally, I trust him. Granted you don't know me so take this for what it's worth.
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
"You mean like debian?"

No - They said one with a pro-Free Software policy. That precludes the Debian Project (note I'm referring to the Project, not the distro.) The Project's policies are at best neutral, seeing no problem with their free and non-free stuff sitting side by side.
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
No they don't. Look at the checksums.
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
"So you have to trust upstream as well."

No you don't. Source code is still available and the package can be modified and recompiled if necessary.
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
It looks like some files match like http://packages.ubuntu.com/precise-updates/amd64/python3/download and http://packages.trisquel.info/toutatis-updates/amd64/python3/download but then http://packages.ubuntu.com/precise-updates/amd64/python3.2/download and http://packages.trisquel.info/toutatis-updates/amd64/python3.2/download do not
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
Do you rebuild all source packages? Do you trust Ubuntu's binary packages? Try looking at the checksums of some binary packages that Trisquel hasn't modified. Compare with Ubuntu.
Re: [Trisquel-users] Julian Assange: Debian Is Owned By The NSA
Run apt-cache show python3.2 Result: same checksums. The packages.trisquel.info site is messed up, I reported an issue a while ago. (Some of trisquel's own packages don't even show up!)
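Added example, not part of the thread: the checksum comparison discussed in the last few posts, done over package index text (the stanza format `apt-cache show` prints) rather than by eye. The package versions and digests are constructed placeholders, and "upstream" and "derived" stand for the two archives being compared.

```python
def parse_stanzas(text):
    """Parse `apt-cache show` / Packages-index text into a list of field dicts."""
    stanzas, current, last = [], {}, None
    for line in text.splitlines() + [""]:          # sentinel flushes the last stanza
        if not line.strip():                       # blank line ends a stanza
            if current:
                stanzas.append(current)
            current, last = {}, None
        elif line[0] in " \t" and last:            # folded continuation line
            current[last] += "\n" + line.strip()
        elif ":" in line:
            last, value = line.split(":", 1)
            current[last] = value.strip()
    return stanzas

def index(text):
    """Map (package, architecture) -> (version, sha256)."""
    return {(s["Package"], s.get("Architecture", "")): (s.get("Version"), s.get("SHA256"))
            for s in parse_stanzas(text) if "Package" in s}

def compare(upstream_text, derived_text):
    """Classify each package in the derived archive against the upstream one."""
    up, result = index(upstream_text), {}
    for key, (version, digest) in index(derived_text).items():
        if key not in up:
            result[key[0]] = "not in upstream"
        elif up[key][0] != version:
            result[key[0]] = "different version"            # modified or rebuilt
        elif up[key][1] != digest:
            result[key[0]] = "same version, different binary"
        else:
            result[key[0]] = "identical binary"
    return result

def stanza(pkg, ver, sha):  # constructed sample data; values are placeholders
    return (f"Package: {pkg}\nVersion: {ver}\nArchitecture: amd64\n"
            f"Description: sample\n folded line\nSHA256: {sha}\n")

UPSTREAM = "\n".join([stanza("python3.2", "1.0-1", "a" * 64),
                      stanza("base-files", "2.0-1", "b" * 64),
                      stanza("hello", "3.0-1", "c" * 64)])
DERIVED = "\n".join([stanza("python3.2", "1.0-1", "a" * 64),
                     stanza("base-files", "2.0-1+derived1", "d" * 64),
                     stanza("hello", "3.0-1", "e" * 64),
                     stanza("derived-keyring", "1.0", "f" * 64)])

if __name__ == "__main__":
    print(compare(UPSTREAM, DERIVED))
```

The "same version, different binary" verdict is the one worth following up, since an unmodified package copied verbatim should carry the upstream digest.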