On Sat, 8 Aug 2015 05:14:21 PM Rick Moen wrote:
Open Source is the only chance not to lose privacy forever, and the biggest player, Linux, has crucial software replaced by a quite unruly mob. It will make it quiet hard to implement light-weight and safe IT solutions.
Snowden showed we've been far too complaisant about critical infrastructure security. The only way I know to improve that situation is attending to fundamentals: excess complexity/functionality, excess privilege, unnecessary trust, unnecessary code, lack of enforced policy, lack of well-planned and documented functionality and interconnections, default-permit, lack of alert monitoring, lack of roles with planned and defined rights.
What Snowden showed us is that too many people have been too complacent about the political process. Politics matters and the big 2 parties (in the US, here, and other places) don't offer the answers. The "lesser of 2 evils" will still support spying. The Snowden revelations have included little about OS level compromise and a lot about compromise of hardware that the vast majority of Linux users (including me) don't have the skill to oppose. Finally the vast majority of Linux systems are single user. That means Android phones/tablets and desktop PCs running GNOME, KDE, etc. There is no need to compromise init. As much as people like to complain about systemd being supposedly bloated it's a tiny fraction of the size of any desktop environment and has much less interaction with the outside world. A hostile party who compromises your MUA or web browser (both of which routinely and predictably process data from potentially hostile sources on the Internet) can probably do all the damage that they want to do to your system without root access. If a hostile party wants to gain root access to your PC what they will probably do is compromise your MUA or web browser and then try a local root exploit. The Linux kernel is much larger than systemd and has many more interfaces to sources of hostile data. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/