I apologize in advance for the subject and length of this reply. I debated just letting things pass without comment. But, security has many levels. And the first level is recognition of the threat.
Whether we recognize it or not. Whether we agree of disagree with the politics that lie beneath this situation or not; Whether we consider this a non-technical issue or not; By virtue of our employment we are all involuntarily caught up in a global conflict between the agents of extremely powerful states versus the talents, minds and beliefs of principled individuals. For better or for worse the chosen battleground is the software we use and the hardware we run it upon.
It is my belief that we as a community are not well served by individuals that decry every attempt to highlight the fundamentally terrible positions our governments have placed us in.
On Fri, October 10, 2014 13:33, William Woods wrote:
So claim made, nothing to back it up. Got it.
all I need to say isÂ…BASH , OpenSSLÂ…..
I am sure there are more.
But really, if you are going to claim something, at least be willing to back up what you claim is that asking to much ?
Of course, plausible deniably is the standard MO when a government does something that even their own subject populace would take exception to. That said one must give thought to the reality behind the following well documented controversy that goes back to 1999:
https://en.wikipedia.org/wiki/NSAKEY
But more recently we have:
http://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-use...
and this:
http://techcrunch.com/2014/05/13/nsa-docs-detail-efforts-to-collect-data-fro...
This sort of publicity is sort of bad for business, which is really, really starting to bite the U.S. tech giants. So we now have these 'stand-up and be counted' responses like the following:
http://www.cnn.com/2013/12/05/tech/web/microsoft-nsa-snooping/
http://www.wired.com/2013/12/microsoft-nsa/
Which are about as trustworthy as . . . well, I cannot think of anything off-hand that I would consider as untrustworthy as the public statements of a corporation gagged by a secret court and suffering economically from the public revelations of that fact.
After, what we have in the U.S. (and the rest of the AABCNZ / 5-eyes network for that matter) at the moment is a totally out-of-control, irresponsible, and self-righteously belligerent security apparatus that is milking billions of dollars annually out of their populaces. Its leaders and employees have suborned the courts, committed perjury, and repeatedly and egregiously violated the very constitution (where such exist, the UK being a notable exception) that as public officials they are sworn to uphold.
This consortium has accumulated a vast collection of private data on every present, past, and probably future elected official in the U.S.A.; and quite likely of the rest of the world as well. I am not sure that such capability in the hands of people shown to put institutional interests above the law bodes well for public oversight.
Of course, maybe suggesting a tinfoil hat for everyone who ponders the implications of all in public this will make all of that unpleasant stuff just go away. When one cannot or will not address the central issue then attack the credibility of the opponent. Call for evidence and then dismiss it out of hand when confronted with it. Old news, shall we say. Never mind that dismissive response begs the question that these thing have happened and continue to happen.
Personally, I am beginning to wonder just who employs "William Woods" woods.w@gmail.com. A nice nondescript name with no signature block from an anonymous email address. Maybe he is a tinfoil salesman?
Anyone who attended the C3 Congress in Berlin this past December was exposed to an awful lot information and revelations from some highly respected privacy advocates. They were also made aware of the fact the various agencies actively monitor and participate in a range of online forums, including technical mailing lists and MMOGs.
Given CentOS's importance to the information infrastructure of todays business and scientific communities (about twice as many servers run CentOS than RHEL http://constantmayhem.com/ty-stuff/linuxsurvey/2013.html) it would not be surprising to me to discover one or more of said individuals skulking about. And, one has to admit, casting doubt upon and disparaging lines of enquiry into things contrary to their employer's interest might be among their assigned jobs.
Not that Mr. Woods is one of these mind you. He could very well be just be a mailing list troll of the everyday garden variety. Or, perhaps, he is a RedHat employee that takes any implied criticism of his employer a little too personally.
Whatever the case may be it is interesting that:
1. W. Woods first posted to the mailing list (under that name) this past July.
2. He has an utter fascination with things to do with SystemD and its detractors. Indeed that was the subject of his first post.
3. He has never asked, answered or added to a question of a technical nature in such a fashion as to provide a proposed solution or elaborate on a constructive approach to a problem.
4. The vast majority of his postings can, with the most charitable interpretation, be considered as snide deprecation of people who express opinions that he evidently feels compelled to comment on. Usually having to do with security. And without actually contributing anything in the way of useful information.
I am just saying, sometimes paranoia is induced by other people's behaviour, not by any internal mental defect.