[CentOS] OT: systemd Poll - So Long, and Thanks for All the fish.

Sun Apr 16 13:51:31 UTC 2017
Andrew Holway <andrew.holway at gmail.com>

> There is no doubt that most security agencies have a long list of zero-
>> day exploits in their toolbox - I would hazard to suggest that they
>> wouldn't be doing their job if they didn't! But I seriously doubt they
>> would commission exploitable code in something that is openly
>> auditable.
>> P.
> P., I used to think that too... indeed, I was thoroughly convinced of it.
> But reality changed my mind.

Indeed. I think the assertion "OSS is somehow safer because of community
audit" is a logical fallacy. How would one go about "auditing" in the first
place? Even if the various Intelligence agencies are not injecting
vulnerabilities then they would certainly be in a strong position to
discover some of the holes already existing some time before they become

Unless you're operating an air gap network you can be damn sure that 'they'
can get into your systems if they really want to.