[CentOS] OT: systemd Poll - So Long, and Thanks for All the fish.

Sun Apr 16 17:25:32 UTC 2017
Pete Biggs <pete at biggs.org.uk>

> Indeed. I think the assertion "OSS is somehow safer because of community
> audit" is a logical fallacy. How would one go about "auditing" in the first
> place?

There are tools to audit source code for problems - OSS is safer
*because* the source is available and can be audited. 

>  Even if the various Intelligence agencies are not injecting
> vulnerabilities then they would certainly be in a strong position to
> discover some of the holes already existing some time before they become
> public.

Yes. And despite what people think, those agencies don't have super
powers. They have tools to help them, and lots of resources, but
nothing out of the ordinary. There is nothing that the NSA can do that
can't be done by other agencies or even individuals (or enough
individuals working together).

There is no doubt that every single security agency in the world has a
team working on discovering exploitable code in all operating systems.
It's what they do. Any exploit they find that has been reported is
probably because some other agency has found it as well so they want to
stop them using it.

> Unless you're operating an air gap network you can be damn sure that 'they'
> can get into your systems if they really want to.

The only truly secure machine is one that is at the bottom of a mine
shaft, turned off and dismantled. :-)