Hi Russell,

I find your argumentation quite weird.. "even if there is an issue, there are others in the system". With your background, it is certainly astonishing.

If there is a problem with a flimsy door lock it does not matter whether the windows are secured by metal bar. The burglar looks for weak spots.

A subsystem which starts and stops networks, adds keyboards or mounts USB sticks, logs all information and shuts down the system is quite important and I do not like it when it is difficult to configure and may not work as expected or even worse not deterministic.

These days it takes a half-day course just to figure out how to stop DHCP and give a static IP address on a Linux live CD.

Compare it to a basic; "kill <dhcp_pid>, ifconfig <if> .." on a FreeBSD live CD. Worked since I used FreeBSD in 1999 (and I guess much longer).

Or how to disable a mousepad on a laptop: some weird XML file under /etc/hal2000/conf.d/NotANameIremember.conf.

Of course it has to be XML because this is most easy to ready for humans (or better: an adaptation of human life to the way machines like it presented)

I simply find hardware configuration on Linux systems disgusting.

And it is not really good if things are "too hard to understand" and quite often not really documented, and just have an air of "just trust me" around them.

It's also unsafe then.

No sysadmin should put up with this crap.

Regards
Peter



On Sun, Aug 9, 2015 at 3:32 PM, Russell Coker <russell@coker.com.au> wrote:
On Sat, 8 Aug 2015 05:14:21 PM Rick Moen wrote:
> > Open Source is the only chance not to lose privacy forever, and the
> > biggest player, Linux, has crucial software replaced by a quite unruly
> > mob. It will make it quiet hard to implement light-weight and safe IT
> > solutions.
>
> Snowden showed we've been far too complaisant about critical
> infrastructure security.  The only way I know to improve that situation
> is attending to fundamentals:  excess complexity/functionality, excess
> privilege, unnecessary trust, unnecessary code, lack of enforced policy,
> lack of well-planned and documented functionality and interconnections,
> default-permit, lack of alert monitoring, lack of roles with planned and
> defined rights.

What Snowden showed us is that too many people have been too complacent about
the political process.  Politics matters and the big 2 parties (in the US,
here, and other places) don't offer the answers.  The "lesser of 2 evils" will
still support spying.

The Snowden revelations have included little about OS level compromise and a
lot about compromise of hardware that the vast majority of Linux users
(including me) don't have the skill to oppose.

Finally the vast majority of Linux systems are single user.  That means
Android phones/tablets and desktop PCs running GNOME, KDE, etc.  There is no
need to compromise init.  As much as people like to complain about systemd
being supposedly bloated it's a tiny fraction of the size of any desktop
environment and has much less interaction with the outside world.  A hostile
party who compromises your MUA or web browser (both of which routinely and
predictably process data from potentially hostile sources on the Internet) can
probably do all the damage that they want to do to your system without root
access.

If a hostile party wants to gain root access to your PC what they will
probably do is compromise your MUA or web browser and then try a local root
exploit.  The Linux kernel is much larger than systemd and has many more
interfaces to sources of hostile data.

--
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/
_______________________________________________
luv-main mailing list
luv-main@luv.asn.au
http://lists.luv.asn.au/listinfo/luv-main