I do not like to rely on "NSA touched it" reasoning - that's too broad of a brush. That said, I have problems with SELinux - its fine-grained failure modes make what the computer is doing difficult for me to understand. That said, given how little effort most people place into understanding how malware propagates, and solving those problems, it's also difficult to identify better alternatives. (Which leads me back to my original post in this thread.)

So... I think we have to assume that all software is not completely reliable. People are flawed, and the things we make are flawed. The trick is building resilience into your part of the system and then coping with the things you cannot control.

But, yeah, we all make bad choices sometimes, and that's difficult to face.

However, I strongly disagree with "only one way to __ it" reasoning. That inevitably turns out to be incorrect. It's often just an excuse for laziness. When you get into heavily optimized contexts, that does limit options, but there's always another way even if it's not the best way.

Thanks,

--
Raul

On Fri, Nov 17, 2017 at 4:39 AM, Erling Hellenäs <[email protected]> wrote:
> Hi all!
>
> I talked to a person who worked with security for the Swedish secret
> service.
>
> According to him SELINUX could not be trusted since NSA participated in the
> development.
>
> Which software can you trust and use? On which platform can you work?
>
> If the secret services of a country want some information, they could get
> it from any company within its jurisdiction?
>
> NSA wants everything?
>
> Which company can you trust?
>
> Every piece of information that passes a country border is filtered and what
> NSA wants is sent to them?
>
> Can you use cloud services?
>
> Every character written in the address field in a browser is sent directly
> to Google?
>
> Can you use web systems?
>
> Long ago most programs were Cobol. Mainly move sentences anyone could read
> and control. I worked 5 years on IBM systems and hit ONE(1) platform
> problem. I guess it was a memory problem in the mainframe.
>
> Now most programs are so complex no one could understand them entirely? A
> totally uncomprehensive mess full of bugs? You are at the mercy of the
> development environment? If it does not find the bugs you couldn't? And the
> development environment does not find them all?
>
> So, however much you know, however clever you are and however much you try
> to write a self-documented, commented, documented, readable, simple, well
> tested program which follows all development and security best practices you
> are not going to be able to write a resilient program?
>
> J has one clue to a possible solution - you get rid of all or most control
> structures - where you could otherwise plant bugs.
>
> Another clue is to have a development environment tailored to the specific
> problem domain. If you want a specific functionality there is only one way
> to create it :) If it works you did it right.
>
> Cheers,
>
> Erling Hellenäs
>
> On 2017-11-16 at 20:23, Raul Miller wrote:
>>
>> Eh... well, I suppose you could say the same thing of the entire internet.
>>
>> The internet, after all, had its origins as a DARPA project - that's
>> the USA Department of Defense's Advance Research Project Agency...
>>
>> My question, though, is how to make our parts of it resilient to
>> malware and so on.
>>
>> Thanks,
>>
>
> ----------------------------------------------------------------------
> For information about J forums see http://www.jsoftware.com/forums.htm
