I apologize in advance for the subject and length of this reply. I debated just letting things pass without comment. But, security has many levels. And the first level is recognition of the threat.
Whether we recognize it or not. Whether we agree of disagree with the politics that lie beneath this situation or not; Whether we consider this a non-technical issue or not; By virtue of our employment we are all involuntarily caught up in a global conflict between the agents of extremely powerful states versus the talents, minds and beliefs of principled individuals. For better or for worse the chosen battleground is the software we use and the hardware we run it upon.
It is my belief that we as a community are not well served by individuals that decry every attempt to highlight the fundamentally terrible positions our governments have placed us in.
On Fri, October 10, 2014 13:33, William Woods wrote:
So claim made, nothing to back it up. Got it.
all I need to say isÂ…BASH , OpenSSLÂ…..
I am sure there are more.
But really, if you are going to claim something, at least be willing to back up what you claim is that asking to much ?
Of course, plausible deniably is the standard MO when a government does something that even their own subject populace would take exception to. That said one must give thought to the reality behind the following well documented controversy that goes back to 1999:
https://en.wikipedia.org/wiki/NSAKEY
But more recently we have:
http://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-use...
and this:
http://techcrunch.com/2014/05/13/nsa-docs-detail-efforts-to-collect-data-fro...
This sort of publicity is sort of bad for business, which is really, really starting to bite the U.S. tech giants. So we now have these 'stand-up and be counted' responses like the following:
http://www.cnn.com/2013/12/05/tech/web/microsoft-nsa-snooping/
http://www.wired.com/2013/12/microsoft-nsa/
Which are about as trustworthy as . . . well, I cannot think of anything off-hand that I would consider as untrustworthy as the public statements of a corporation gagged by a secret court and suffering economically from the public revelations of that fact.
After, what we have in the U.S. (and the rest of the AABCNZ / 5-eyes network for that matter) at the moment is a totally out-of-control, irresponsible, and self-righteously belligerent security apparatus that is milking billions of dollars annually out of their populaces. Its leaders and employees have suborned the courts, committed perjury, and repeatedly and egregiously violated the very constitution (where such exist, the UK being a notable exception) that as public officials they are sworn to uphold.
This consortium has accumulated a vast collection of private data on every present, past, and probably future elected official in the U.S.A.; and quite likely of the rest of the world as well. I am not sure that such capability in the hands of people shown to put institutional interests above the law bodes well for public oversight.
Of course, maybe suggesting a tinfoil hat for everyone who ponders the implications of all in public this will make all of that unpleasant stuff just go away. When one cannot or will not address the central issue then attack the credibility of the opponent. Call for evidence and then dismiss it out of hand when confronted with it. Old news, shall we say. Never mind that dismissive response begs the question that these thing have happened and continue to happen.
Personally, I am beginning to wonder just who employs "William Woods" woods.w@gmail.com. A nice nondescript name with no signature block from an anonymous email address. Maybe he is a tinfoil salesman?
Anyone who attended the C3 Congress in Berlin this past December was exposed to an awful lot information and revelations from some highly respected privacy advocates. They were also made aware of the fact the various agencies actively monitor and participate in a range of online forums, including technical mailing lists and MMOGs.
Given CentOS's importance to the information infrastructure of todays business and scientific communities (about twice as many servers run CentOS than RHEL http://constantmayhem.com/ty-stuff/linuxsurvey/2013.html) it would not be surprising to me to discover one or more of said individuals skulking about. And, one has to admit, casting doubt upon and disparaging lines of enquiry into things contrary to their employer's interest might be among their assigned jobs.
Not that Mr. Woods is one of these mind you. He could very well be just be a mailing list troll of the everyday garden variety. Or, perhaps, he is a RedHat employee that takes any implied criticism of his employer a little too personally.
Whatever the case may be it is interesting that:
1. W. Woods first posted to the mailing list (under that name) this past July.
2. He has an utter fascination with things to do with SystemD and its detractors. Indeed that was the subject of his first post.
3. He has never asked, answered or added to a question of a technical nature in such a fashion as to provide a proposed solution or elaborate on a constructive approach to a problem.
4. The vast majority of his postings can, with the most charitable interpretation, be considered as snide deprecation of people who express opinions that he evidently feels compelled to comment on. Usually having to do with security. And without actually contributing anything in the way of useful information.
I am just saying, sometimes paranoia is induced by other people's behaviour, not by any internal mental defect.
On Tue, 2014-10-14 at 13:29 -0400, James B. Byrne wrote:
I apologize in advance for the subject and length of this reply. I debated just letting things pass without comment. But, security has many levels. And the first level is recognition of the threat.
Bravo Mr Byrne. Well expressed.
...... the first level of GOOD SECURITY is recognition of the threat.
I have always been convinced Windoze 95 was designed to be invaded by 'approved' sources.
I remember my often sad, frustrating days with bug-filled Windoze 95 and 98 (never went pass these) and seeing the existence of the 'history' files that users could not view because the M$ software prevented all user scrutiny of these files and associated directories on the user's own computer.
I was also curious why the instant the computer connected with 'The Internet', Micro$oft would automatically start recording, on the user's own computer, all details of that Internet connection and, I assume, the traffic too. However M$ deliberately prevented users viewing that material in Windoze.
Remember Word98, Excel98 etc. (I think it was) and the secret embedding of the user's M$ data (Windows serial number etc.) in those files ?
When I installed Windoze 8 on a news reporter's girl friend's computer, M$ wanted, yes it insisted, on her email address, her gender, the area she lived, her email address and I can't remember if M$ also demanded her date of birth. As part of the Windoze registration process M$ sent her an email to confirm the accuracy of her email address.
Don't forget M$, as part of the Windoze registration, records the serial number of the network card, the hard disk, the motherboard etc. etc.
Conversely Centos does none of that .... yet. Knowing a wee bit about Uncle Sam, it is going to be inevitable that the USA government pressurises RedHat to provide backdoor access. It is not 'never' but simply when if they haven't already tried.
Ebay registration in Holland, Europe, insists on a telephone number which it calls to give the new user an acceptance code to type-in. Seems an email address is not sufficient information.
Google is the biggest spying operation in the world, excluding the USA government (military and security community).
Despite all the spying the USA government ignored the Islamic State threat in the so-called 'Middle East' for almost a year .... obviously western people are more interesting to spy on than genuine terrorists murdering civilians every day of the week. Randy suggestions made by teenagers to each other are much more important to the ever-listening USA government than tackling active terrorists.
Every router has a backdoor or 'technical support' access. The existence is not always mentioned in manuals. Every USA virus checker allows USA government viruses through.
Yes, the secret organisations are protecting us against 911 but when the CIA knew about it in advance from a conversion in the Bahamas made by a drunk in a bar (dismissed at the time by the USA) and a telephone call from a prisoner in a German jail (don't know the USA's inaction excuse after receiving that tip-off), one wonders how efficient they really are.
Snowden's material showed the USA military murdering civilians (the video from the helicopter and the machine gunning without cause of the civilians). No wonder the USA will not participate in the International Criminal Court in Den Haag, Nederland.
I am not a terrorist and I do object to the UK government letting the USA and Google et al snop on UK residents. The UK is the USA's biggest external (outside the USA) spying base/processing centre in the world.
Yes catch the really bad people but stop storing enormous amounts of personal data on the innocent people.
Ever wondered why HDDs are so cheap ? Its because the USA government buys them by the factory load ! What for ? Recording all your personal data of course.
Have a nice day people and wonder how many times in a single day is Uncle Sam and affiliates storing new personal data on you and your family. Hey Uncle Sam knows more about you than you know about yourself.
From personal experience, they sometimes get it wrong - correcting it is
almost impossible because one normally never ever knows.
And this little soap box has what to do with CentOS ?
On Oct 14, 2014, at 7:01 PM, Always Learning centos@u62.u22.net wrote:
On Tue, 2014-10-14 at 13:29 -0400, James B. Byrne wrote:
I apologize in advance for the subject and length of this reply. I debated just letting things pass without comment. But, security has many levels. And the first level is recognition of the threat.
Bravo Mr Byrne. Well expressed.
...... the first level of GOOD SECURITY is recognition of the threat.
I have always been convinced Windoze 95 was designed to be invaded by 'approved' sources.
I remember my often sad, frustrating days with bug-filled Windoze 95 and 98 (never went pass these) and seeing the existence of the 'history' files that users could not view because the M$ software prevented all user scrutiny of these files and associated directories on the user's own computer.
I was also curious why the instant the computer connected with 'The Internet', Micro$oft would automatically start recording, on the user's own computer, all details of that Internet connection and, I assume, the traffic too. However M$ deliberately prevented users viewing that material in Windoze.
Remember Word98, Excel98 etc. (I think it was) and the secret embedding of the user's M$ data (Windows serial number etc.) in those files ?
When I installed Windoze 8 on a news reporter's girl friend's computer, M$ wanted, yes it insisted, on her email address, her gender, the area she lived, her email address and I can't remember if M$ also demanded her date of birth. As part of the Windoze registration process M$ sent her an email to confirm the accuracy of her email address.
Don't forget M$, as part of the Windoze registration, records the serial number of the network card, the hard disk, the motherboard etc. etc.
Conversely Centos does none of that .... yet. Knowing a wee bit about Uncle Sam, it is going to be inevitable that the USA government pressurises RedHat to provide backdoor access. It is not 'never' but simply when if they haven't already tried.
Ebay registration in Holland, Europe, insists on a telephone number which it calls to give the new user an acceptance code to type-in. Seems an email address is not sufficient information.
Google is the biggest spying operation in the world, excluding the USA government (military and security community).
Despite all the spying the USA government ignored the Islamic State threat in the so-called 'Middle East' for almost a year .... obviously western people are more interesting to spy on than genuine terrorists murdering civilians every day of the week. Randy suggestions made by teenagers to each other are much more important to the ever-listening USA government than tackling active terrorists.
Every router has a backdoor or 'technical support' access. The existence is not always mentioned in manuals. Every USA virus checker allows USA government viruses through.
Yes, the secret organisations are protecting us against 911 but when the CIA knew about it in advance from a conversion in the Bahamas made by a drunk in a bar (dismissed at the time by the USA) and a telephone call from a prisoner in a German jail (don't know the USA's inaction excuse after receiving that tip-off), one wonders how efficient they really are.
Snowden's material showed the USA military murdering civilians (the video from the helicopter and the machine gunning without cause of the civilians). No wonder the USA will not participate in the International Criminal Court in Den Haag, Nederland.
I am not a terrorist and I do object to the UK government letting the USA and Google et al snop on UK residents. The UK is the USA's biggest external (outside the USA) spying base/processing centre in the world.
Yes catch the really bad people but stop storing enormous amounts of personal data on the innocent people.
Ever wondered why HDDs are so cheap ? Its because the USA government buys them by the factory load ! What for ? Recording all your personal data of course.
Have a nice day people and wonder how many times in a single day is Uncle Sam and affiliates storing new personal data on you and your family. Hey Uncle Sam knows more about you than you know about yourself.
From personal experience, they sometimes get it wrong - correcting it is
almost impossible because one normally never ever knows.
-- Regards,
Paul. England, EU.
Who watches The Watchers ?
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-
Always Learning -
James B. Byrne -
William Woods