Re: [liberationtech] Fwd: [g...@pryzby.org: Ubuntu, Dash, Shuttleworth and privacy]

On 19/02/13 at 11:48am, Lee Fisher wrote: > I'd suggest one that is fully-controlled by the community, like > Debian, or another one of your preference. > Anywhere in the world I won't use Debian, because of the fact that packages shipped are modified and patched a lot. That means other people (pa

Re: [liberationtech] Cryptography super-group creates unbreakable encryption

Another aspect of this discussion I'm a bit surprised that no one has yet raised is the simple truth that no amount of testing and source code review can (or should) anoint a tool as secure. Even with formally provably secure software, OS, hardware, etc. it is still a very hard problem to make

Re: [liberationtech] Fwd: [g...@pryzby.org: Ubuntu, Dash, Shuttleworth and privacy]

danimoth writes: > On 19/02/13 at 11:48am, Lee Fisher wrote: >> I'd suggest one that is fully-controlled by the community, like >> Debian, or another one of your preference. >> > > Anywhere in the world I won't use Debian, because of the fact that > packages shipped are modified and patched a lot

Re: [liberationtech] Fwd: [g...@pryzby.org: Ubuntu, Dash, Shuttleworth and privacy]

On Wed, Feb 20, 2013 at 5:49 PM, micah anderson wrote: > Developers never made a mistake leading to a security problem, so > Debian's one mistake in 2006 should be forever trotted out as an example > of how Debian sucks, good point. I once needed to patch HTPdate [1], and immediately noticed two

Re: [liberationtech] Fwd: [g...@pryzby.org: Ubuntu, Dash, Shuttleworth and privacy]

..on Wed, Feb 20, 2013 at 06:17:16PM +0200, Maxim Kammerer wrote: > On Wed, Feb 20, 2013 at 5:49 PM, micah anderson wrote: > > Developers never made a mistake leading to a security problem, so > > Debian's one mistake in 2006 should be forever trotted out as an example > > of how Debian sucks, goo

Re: [liberationtech] Fwd: [g...@pryzby.org: Ubuntu, Dash, Shuttleworth and privacy]

Maxim Kammerer writes: > I have sent a patch to the author of HTPdate, and he wrote back that a > “Debian security administrator” already went over the code with him > line-by-line. There is no such thing as a "Debian security administrator", and HTPdate is not in Debian, so I'm not sure what t

Re: [liberationtech] Fwd: [g...@pryzby.org: Ubuntu, Dash, Shuttleworth and privacy]

Hi, Julian Oliver wrote (20 Feb 2013 16:27:24 GMT) : > Did you file a bug? It doesn't look like you did. You should do it. The program Maxim was talking of is not part of Debian. ... and I agree it's totally unclear if that “Debian security administrator” was anything but a random system adminis

Re: [liberationtech] Fwd: [g...@pryzby.org: Ubuntu, Dash, Shuttleworth and privacy]

On Wed, Feb 20, 2013 at 6:27 PM, Julian Oliver wrote: > Filing a bug is a standard procedure which is the fastest and most responsible > means of getting a patch in and escalated in Debian GNU/Linux. I don't see why I should file a bug in Debian, since I don't use it. > For all you know the auth

Re: [liberationtech] Fwd: [g...@pryzby.org: Ubuntu, Dash, Shuttleworth and privacy]

..on Wed, Feb 20, 2013 at 05:45:10PM +0100, intrigeri wrote: > Hi, > > Julian Oliver wrote (20 Feb 2013 16:27:24 GMT) : > > Did you file a bug? It doesn't look like you did. You should do it. > > The program Maxim was talking of is not part of Debian. Yes, just after sending the email I 'apt-cac

Re: [liberationtech] Fwd: [g...@pryzby.org: Ubuntu, Dash, Shuttleworth and privacy]

On Wed, Feb 20, 2013 at 6:46 PM, Julian Oliver wrote: > Yes, just after sending the email I 'apt-cache search htpdate', returning > nothing. It seems Maxim might have confused Debian with another distribution > of > GNU/Linux. No, I didn't — I know what Debian is. I remember it not being able to

Re: [liberationtech] Cryptography super-group creates unbreakable encryption

On 2/20/13 12:49 PM, Joseph Lorenzo Hall wrote: > Another aspect of this discussion I'm a bit surprised that no one has yet > raised is the simple truth that no amount of testing and source code review > can (or should) anoint a tool as secure. > > Even with formally provably secure software, OS,

[liberationtech] About private networks (Was Re: NYT covers China cyberthreat)

- Forwarded message from Alain Hebert - From: Alain Hebert Date: Wed, 20 Feb 2013 13:14:27 -0500 To: na...@nanog.org Subject: About private networks (Was Re: NYT covers China cyberthreat) Organization: PubNIX, Inc. User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:17.0) Gecko/20130

Re: [liberationtech] Fwd: [g...@pryzby.org: Ubuntu, Dash, Shuttleworth and privacy]

On 20/02/13 at 10:49am, micah anderson wrote: > > Developers never made a mistake leading to a security problem, so > Debian's one mistake in 2006 should be forever trotted out as an example > of how Debian sucks, good point. > > Sorry, but this distinction between Developers doesn't make sense,

Re: [liberationtech] Fwd: [g...@pryzby.org: Ubuntu, Dash, Shuttleworth and privacy]

danimoth writes: > On 20/02/13 at 10:49am, micah anderson wrote: >> >> Developers never made a mistake leading to a security problem, so >> Debian's one mistake in 2006 should be forever trotted out as an example >> of how Debian sucks, good point. >> >> Sorry, but this distinction between Deve

Re: [liberationtech] Fwd: [g...@pryzby.org: Ubuntu, Dash, Shuttleworth and privacy]

Anyway, we are free to choose what fit our requirements. True. Is there any formal academic research on the topic of distro stability/quality/security, with any listed attributes/requirements? On one hand, corporate control tends to spyware backdoors. On the other, volunteer control could h

[liberationtech] Let's make rooting phones a crime

Forward from the guardian project listserve: -- Oh wait, it already is! Thanks to new DMCA regulations. If we get 100,000 petitions on the White House petition site, Obama has to make a statement about this issue. The good news is that *there ar

Re: [liberationtech] Let's make rooting phones a crime

A quick point of clarification: rooting/jailbreaking your phone is indeed legal thanks to a DMCA exemption that was recently won. Unlocking your phone is a different matter. This blog post lays it out: https://www.eff.org/is-it-illegal-to-unlock-a-phone Cheers, Dan On 02/20/2013 03:30 PM, Cooper

Re: [liberationtech] Let's make rooting phones a crime

Was it really a new regulation? My understanding was that it was illegal since the DMCA was first passed in 1998, but didn't receive any press till a temporary exemption expired last month. While I agree that the anti-circumvention provision of the DMCA should be revoked, I don't think we should b

Re: [liberationtech] Let's make rooting phones a crime

hwamyeon writes: > While I agree that the anti-circumvention provision of the DMCA should > be revoked, I don't think we should be tasking the Librarian of Congress > to do this for us. The Librarian of Congress's power of exemption is > supposed to be specifically in the interest of supporting th

Re: [liberationtech] About private networks (Was Re: NYT covers China cyberthreat)

On Wed, Feb 20, 2013 at 2:14 PM, Eugen Leitl wrote: > - Forwarded message from Alain Hebert - > > From: Alain Hebert > Date: Wed, 20 Feb 2013 13:14:27 -0500 > To: na...@nanog.org > Subject: About private networks (Was Re: NYT covers China cyberthreat) > Organization: PubNIX, Inc. > User-

[liberationtech] "Chinas Internet?"

Photos of the dead sailors, their bodies gagged and blindfolded and some with head wounds suggesting execution-style killings, circulated on China’s Internet. From: http://www.nytimes.com/2013/02/21/world/asia/chinese-plan-to-use-drone-highlights-military-advances.html?_r=0 I know about the GFW o

[liberationtech] CryptoParty at Stanford

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 If you'll be near Stanford University on Sunday, February 24, from 1 pm to 5 pm, consider dropping by our CryptoParty. It will be in the Clubhouse in the center of Peter Coutts Circle on Peter Coutts Road, on the Stanford campus. Our volunt

Re: [liberationtech] "Chinas Internet?"

Most likely it's bad writing. What they likely meant by "China's Internet" is China's social network sphere, such as Sina Weibo communities and so on... NK On Wed, Feb 20, 2013 at 10:53 PM, Brian Conley wrote: > Photos of the dead sailors, their bodies gagged and blindfolded and some > with he

Re: [liberationtech] "Chinas Internet?"

The majority of Internet users in Mainland China spend 100% of their online time on Chinese websites. Google+, Facebook, YouTube, Twitter, Blogspot and many more (see https://en.greatfire.org) are completely blocked in Mainland China. Most other foreign websites are both considerably slower than do

Re: [liberationtech] "Chinas Internet?"

Thanks Martin, I was hoping you'd respond. Good point, Nadim. On Feb 20, 2013 8:20 PM, "Martin Johnson" wrote: > The majority of Internet users in Mainland China spend 100% of their > online time on Chinese websites. Google+, Facebook, YouTube, Twitter, > Blogspot and many more (see https://en.g

Re: [liberationtech] "Chinas Internet?"

Martin, Thank you for explaining. I will like to discuss more on detail and would need your help. I am the American in China that possed the VPN issue topic. Thank you Pacificboy Sent from my iPhone On Feb 21, 2013, at 12:44 PM, Brian Conley wrote: > Thanks Martin, I was hoping you'd respond

Re: [liberationtech] "Chinas Internet?"

I agree with most of Martin's statements. China's internet is practically separated from the world's internet already. On this front, the Chinese authority has won the battle. 2013/2/20 Martin Johnson > The majority of Internet users in Mainland China spend 100% of their > online time on Chinese

[liberationtech] Using Gajim Instead of Pidgin for More Secure OTR Chat

I just wrote a blog post that people here might find interesting about using Gajim, a chat client written in python, and Gajim's OTR plugin, a purely python implementation of the OTR standard, instead of Pidgin and libotr. https://micahflee.com/2013/02/using-gajim-instead-of-pidgin-for-more-secure

Re: [liberationtech] Using Gajim Instead of Pidgin for More Secure OTR Chat

On Wed, Feb 20, 2013 at 10:27 PM, Micah Lee wrote: > I just wrote a blog post that people here might find interesting about > using Gajim, a chat client written in python, and Gajim's OTR plugin, a > purely python implementation of the OTR standard, instead of Pidgin and > libotr. Uh. Writing som

Re: [liberationtech] Using Gajim Instead of Pidgin for More Secure OTR Chat

Micah Lee: > I just wrote a blog post that people here might find interesting about > using Gajim, a chat client written in python, and Gajim's OTR plugin, a > purely python implementation of the OTR standard, instead of Pidgin and > libotr. > > https://micahflee.com/2013/02/using-gajim-instead-of

Re: [liberationtech] "Chinas Internet?"

Good point xz Martin Johnson Founder of GreatFire.org | FreeWeibo.com | Unblock.cn.com PGP key On Thu, Feb 21, 2013 at 1:12 PM, x z wrote: > I agree with most of Martin's statements. China's internet is practically > separated from the world's internet alread