Re: [Trisquel-users] Replicant on Nexus One
Pretty much just follow the advice for installing cyanogenmod like unlocking bootloader if locked, installing custom recovery. Only thing thats a bit different is that your flashing an image file instead of a zip file.
Re: [Trisquel-users] Web Browser
> Netsurfy is clean as snow Also fast and lightweight. Unfortunately netsurf is missing in debian testing (buster) for now. It's included in stable and sid, so I assume this exclusion from testing is temporary. Will try it as soon as it appears in buster repos.
[Trisquel-users] What do you guys do about graphics cards
Hello everybody Okay so I have tried installing Trisquel on computers before and what I found is that the graphics card is often not properly supported so it can't power the full display resolution as the proprietary driver thats required to make it work has been removed. I have also found that getting multiple monitors to work is a problem as well as usually only one monitor is supported.
Re: [Trisquel-users] Web Browser
> Or maybe we could ask them > which about:config settings we need to clean/disable in order to > stop the chatter. That might work. Rather than calling it a bug report or feature request, it could be framed as a simple support request. You wouldn't be asking them to change anything about their software, just to explain how it works so that you can configure it to meet your needs. That information might then be useful to FF forks, or individual users, who may prefer for that configuration to be part of their default.
Re: [Trisquel-users] Are there any libre computers secure from/not affected by spectre and meltdown?
> https://developer.arm.com/support/security-update It didn't list > A20 and said non listed cpus aren't affected. Most arm cpus are > affected. It seems I was wrong then. I'm glad to hear it, as a Libre Tea is likely to be my next computer.
Re: [Trisquel-users] Vulnerable to meltdown?
> Just a theory: The moment I posted this, it occured to me that should it be the case, then the vulnerabilities made public would be highly localized and easy to fix with just a microcode upgrade. But the situation with meltdown and spectre is more complex, requiring both microcode upgrade and software changes, and all these don't even amount to a fix - they're just mitigation. Only a new CPU would fix it for good. So I take this theory back.
Re: [Trisquel-users] Vulnerable to meltdown?
> nobody knows if there is something worse > inside the microcode (maybe improved backd00r) Good point. It is also possible that meltdown and spectre were already long known by Intel and AMD, but only recently made public by them (via indirect channels) so that they get to install a better backdoor worlwide. Just a theory: Backdoor embedding "technology" evolves by time, and previous versions of various backdoors embedded in Intel and AMD CPU's have various shortcomings. Recently, they have perfected their backdoor techniques and want to implement this on billions of CPU's deployed worldwide. What is more convenient than making one of already known bugs public, thus forcing everyone to a microcode upgrade, thus installing their perfected backdoor worldwide? May be a conspiration theory, but not improbable at all.
Re: [Trisquel-users] Comodo antivirus for Linux
> The questions were a reply to Magic Banana who wasn't. Fair enough, I was mistaken on this point, then. I apologize. > So to you a conversation is worthy only if it is an argument? https://www.merriam-webster.com/dictionary/argument https://www.merriam-webster.com/dictionary/argue These are the relevant definitions for "argument" the way I am using the word: * the act or process of arguing, reasoning, or discussing * a coherent series of reasons, statements, or facts intended to support or establish a point of view * a reason given for or against a matter under discussion And the relevant definitions for "argue", the way I am using the word: * to give reasons for or against something * to give evidence of * to consider the pros and cons of * to prove or try to prove by giving reasons So with that in mind, I suspect that you are instead using the word "argument" to mean "an angry quarrel or disagreement", which is not what is happening here, and then conflating that definition (which I am not referring to when I use the words "argue" and "argument") with my use of the words. I assume this is unintentional. I have long grown weary of people who do this. It seems to be a common feature of young people these days to just immediately conflate the entire idea of argumentation with negativity and use this fallacy as an excuse to both refuse to argue anything, and demand for someone who is willing to argue to stop doing so. This is a destructive attitude, albeit one I assume is borne of ignorance rather than malice. So with that all in mind, when we're talking about a topic that two people disagree about, then, yes, a conversation which does not include argumentation is worthless. If neither of us is presenting arguments for our respective positions, we are not going to get any better of an understanding of each other's positions, much less be convinced to change our minds. > And intelligence means reading between the lines. Look at the overall attitude, don't just isolate a single word and analyze it separately. You talk about context, but you yourself are ignoring the much larger context that the "maybe malware" description comes straight from RMS's talks, where he doesn't imply "potential malware" to mean "definitely malware" and typically even specifically clarifies that it doesn't mean the latter. Instead you're inventing your own interpretation out of thin air, directly contradicting the literal interpretation of what was said. "Reading between the lines" is not an excuse for building up strawmen.
Re: [Trisquel-users] Whonix on trisquel?
Yeah I read through that, I was asking if there is another way to use whonix on trisquel without virtual box?
[Trisquel-users] Re : Whonix on trisquel?
See https://trisquel.info/forum/virtualbox-libreboot-wtrisquel
Re: [Trisquel-users] Are there any libre computers secure from/not affected by spectre and meltdown?
I was just going off the arm affected cpu list. https://developer.arm.com/support/security-update It didn't list A20 and said non listed cpus aren't affected. Most arm cpus are affected.
Re: [Trisquel-users] Are there any libre computers secure from/not affected by spectre and meltdown?
ask on the rhombus-tech/arm-netbook mailing list, i suspect luke can give you some answers about which socs are safe.
Re: [Trisquel-users] Are there any libre computers secure from/not affected by spectre and meltdown?
Okay.
Re: [Trisquel-users] Privacy/Security services and software
Some cool websites I have used to test for leaks with Tor and other solutions: www.whoer.net www.doileak.com www.check.torproject.org www.checkmytorrentip.upcoil.com www.ip6.nl These are good enough to know if there are some leaks in your system or not... Of course some applications might screw your privacy / anonymity in other ways...
[Trisquel-users] Whonix on trisquel?
Trying to put whonix on trisquel, seems it won’t work because virtual box won’t work on trisquel. Am I missing something? Is there another way to make it work?
Re: [Trisquel-users] Privacy/Security services and software
I wrote it in the style of reply to previous comment.
Re: [Trisquel-users] Are there any libre computers secure from/not affected by spectre and meltdown?
Avoid speculative execution. I believe MIPS doesn't do that. There are probably others - I have not looked. Why not make a list for us?
[Trisquel-users] Re : Jitsi Meet
There is software involved. It is free. Here is the source code: https://github.com/jitsi/jitsi-meet About privacy and security, README.md says: WebRTC today does not provide a way of conducting multiparty conversations with end-to-end encryption. As a matter of fact, unless you consistently vocally compare DTLS fingerprints with your peers, the same goes for one-to-one calls. As a result when using a Jitsi Meet instance, your stream is encrypted on the network but decrypted on the machine that hosts the bridge. The Jitsi Meet architecture allows you to deploy your own version, including all server components, and in that case your security guarantees will be roughly equivalent to these of a direct one-to-one WebRTC call. This is what's unique to Jitsi Meet in terms of security. The meet.jit.si service is maintained by the Jitsi team at Atlassian. Also, if you use a VPN, WebRTC (that Jitsi Meet uses) was leaking the real IP address; I do not know if it still the case. Anyway, you can use uBlock Origin that fixes that problem (among many other things): https://github.com/gorhill/uBlock/wiki/Prevent-WebRTC-from-leaking-local-IP-address
Re: [Trisquel-users] Jitsi Meet
I'm using Firefox 57, and, from a brief test, it seems to work fine. My concern is that the service is running via a web browser. There's no software involved, am I not right? Isn't this fact problematic from a point of view of privacy and security?
[Trisquel-users] Re : Jitsi Meet
Skype is proprietary software. Thanks to Edward Snowden, we know it is spyware (Microsoft changed Skype specifically for spying): https://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/#17b4ab2484e0 Jitsi Meet is free software, hence respectful of your freedoms. From that perspective, it is infinitely superior to Skype! However, it stopped working for me in Abrowser: https://trisquel.info/forum/videotelephony-trisquel-7 dsj19 suggested me Wire: https://trisquel.info/forum/videotelephony-trisquel-7#comment-126289 Wire looks OK, freedom-wise: https://trisquel.info/forum/videotelephony-trisquel-7#comment-126629 It is simple to install (although obviously harder than Jitsi Meet): https://trisquel.info/forum/videotelephony-trisquel-7#comment-126325 I tried it today for the first time. It perfectly worked. :-)
Re: [Trisquel-users] Are there any libre computers secure from/not affected by spectre and meltdown?
Libre Tea uses an ARM processor, so like pretty much all modern CPUs it is presumably affected by Spectre. Meltdown has been patched in the linux kernell; just make sure that yours isn't too old to have received the patch.
[Trisquel-users] Are there any libre computers secure from/not affected by spectre and meltdown?
Are there any libre computers secure from/not affected by spectre and meltdown? The only one I could think of is the libre tea card. I have a t400 and I know the thinkpads are all affected by spectre and meltdown.
[Trisquel-users] Jitsi Meet
What is your opinion of this online video conferencing service? What are its disadvantages? Is it a superior solution to Skype?
Re: [Trisquel-users] Web Browser
Thanks I am not sure if it is worth the waste the time of others. Isn't NetSurf not quite up to date with current web standards? Looking at http://www.netsurf-browser.org/documentation/progress.html (last updated 2012) I see it doesn't support HTML5, even CSS support is incomplete. Perhaps security is not up to date too... speed is not everything. What do you say?
Re: [Trisquel-users] Privacy/Security services and software
Yes. Commercial VPNs are no different.
Re: [Trisquel-users] Web Browser
Maybe if you paste the output here someone will be able to help you with the issue you are encountering during build time.
Re: [Trisquel-users] Web Browser
Good news. As long as one can compile it :)
Re: [Trisquel-users] Web Browser
> Another thought I had is to compare the about:config for Icecat and Tor Browser and see if changing some of Icecat's values to match that of Tor Browser can reduce background chatter. I have been thinking the same (but only about Tor comparison). Additionally I am planning to look at https://github.com/ghacksuserjs/ghacks-user.js The big problem is that all this means many reboots - to test each individual setting because when the chattering starts it seems to continue until I reboot. In earlier tests I tried simply running 'systemctl restart network.service' but after restarting the service the chattering continues. So if anyone of you who knows more about Linux networking internals has an idea how to restart only the network and not the whole machine, that would save me a huge amount of time. Otherwise I would have to reboot like crazy. Another thing which I was considering: filing a new bug report to Mozilla hoping that they may consider it properly if it is not about telemetry (their main argument). Or maybe we could ask them which about:config settings we need to clean/disable in order to stop the chatter.
Re: [Trisquel-users] Comodo antivirus for Linux
Good summary. I have been thinking the same as I also observe what is happening. Although I didn't agree with some of your previous post I intentionally didn't reply in order to avoid all that cycle. For similar reason I don't want to engage into argumentation. That's why I prefer to focus on facts, not on intelligent or unintelligent argumentation. The one problem with all that you suggest is: people tend to avoid disturbing facts. They usually invent various escapes - ideology, new words, anything just to be able to shut their senses and ignore the trouble. But the truth is that man changes only when he is facing the crisis, not when he keeps sleeping in the burning house. Let's get back to browsers indeed before someone shoots me through the screen. :)
Re: [Trisquel-users] Web Browser
Joe le Chitarra mate, just letting you know that Netsurfy is clean as snow, no 'chattering' no nada. cheers
Re: [Trisquel-users] Comodo antivirus for Linux
Could you all please stop arguing? My head hurds. My limited capacity cranium itches. That's not good. I'm extremely annoyed. Any of you who adds any new comment in this thread will see me personally appearing (tense, naked and furious) in their room with a hard copy of Comodo TotallyNotMalwareTrustUsSucker Antivirus ready to interject and inject. Trust me when I say it is not a very desirable experience and you DON'T want to go there. You have been warned. If double infringement, I will also bring Jodienda with me to make sure you meet your flying spaghetti creator in no time. Jodienda is particularly vicious and terrifying, you DON'T want to see the upset version of Jodienda
Re: [Trisquel-users] Privacy/Security services and software
>Medical Records you don't want your insurance company to know about? A new invention you are working on and don't want a big time company to steal from you? Protecting your source when you are a journalist brave enough to talk to people in life or death situations? Why do you need to get so theoretical and vague? How about: "I strongly believe in privacy. I believe what I browse, read, watch, listen to is **only my business** and no ISP, no State, no corporation should have the legal right to sniff my crap with their degenerate noses."
Re: [Trisquel-users] Privacy/Security services and software
>I wouldn't be surprised if some free VPNs are created/funded by those who you are trying to hide from Honeypot VPNs is nothing new. It has happened, it will happen. Do a brief search on the argument if interested. But how about commercial VPNs? Do you think that when sgt. Eye comes knocking a business which sole motive is business is going to pull the plug in order to protect your 5 monthly dollars?
Re: [Trisquel-users] Privacy/Security services and software
>I don't feel very OK with paying for a VPN https://riseup.net/en/donate#donate-cryptocurrency
Re: [Trisquel-users] Comodo antivirus for Linux
> heyjoe cannot properly study any specific problem. Even less fight against them. He ends up only complaining that the world is a terrible place. Worse, he apparently blames the four freedom for not being a perfect solution to all "the terrible things going on in the world" and therefore considers them moot. 1. You don't have the slightest idea what I can and cannot study. Nobody has asked about your personal evaluations too. 2. I have no obligation to fight for or against anything. So nobody has asked about how your unsolicited personal evaluations look in a different context. 3. By mixing your crooked interpretations with excerpts from the actual person's words and decorating them with words like "even less", "worse" you create a mess of unsolicited personal remarks, make conclusions based on all that ("apparently") and assign all this to the other person who was actually talking about something entirely different. You literally put words into the mouth of another and blame the other for that. I told you - I won't play this game. In another thread I told you also: if something is unclear - ask. This is the normal way people to understand each other. Not to invent something and tell the other "you are that" or "you think that" or "you are less/more".
Re: [Trisquel-users] Web Browser
> All this makes me think that such brute force cleanup in > about:config may be possible for other Firefox clones. Very interesting. Thanks for the time your putting into this. If we can determine exactly which changes were the one that fixed the problem, I think asking for those values to be the default in privacy-minded FF derivatives like Icecat and Abrowser would be a reasonable feature request. It might be worth requesting the same of Mozilla, since that would benefit all downstream forks, but I wouldn't count on them caring... > However as I > haven't read what each setting does, it may have some other > (probably negative) effects. Perhaps we should read about all that > and come up with settings which are both private and don't affect > functionality (if that is possible). I agree that we'd be better off determining the minimum set of values that need to be zeroed to prevent background chatter will be better than zeroing all of them, but what you've found is a great starting point. A binary-search-like approach of zeroing groups of values containing URLs might help identify the culprit(s). Another thought I had is to compare the about:config for Icecat and Tor Browser and see if changing some of Icecat's values to match that of Tor Browser can reduce background chatter. I'm in the middle of a busy couple of weeks, but I'll try to start hepling you on some of this soon.
Re: [Trisquel-users] Comodo antivirus for Linux
Arguments can be extremely useful tools for strengthening each other's understanding. They can become unproductive when the parties involved are more interested in avoiding concessions than advancing, but there is nothing wrong with arguments themselves. Both you and onpon4 have been arguing, and that's fine. She just acknowledges that that's what it is. If what you meant is indeed that these conversations are not advancing because others are indeed more interested in avoiding concessions, I would have to say that while any of us can be guilty of that at times, I seen some of this coming from your end as well. In general I think more benefit comes from assuming good faith, and I do not wish to offend you and risk you discontinuing the valuable information you have been providing about web browsers. However, it seems that there is one topic in which you end of going in circles with everyone with whom you discuss it. I think breaking down why this is happening will save time and energy for all of us. The general format is as follows: (1) You make a comment implying that the free software movement is impractical/naive/hypocritical/etc. (2) Someone explains why, although free software is imperfect, it is more trustworthy than proprietary software. (3) You understandbly feel misunderstood, because you had not claimed that proprietary software was better. You clarify that while freedom 1 allows us as a community to study some code that we use, we cannot study all of it, and that it is impossible at this point to avoid all proprietary software. (4) Someone notes that protecting yourself from some threats is better than accepting them, and that your only other option is to avoid all software. (5) You evade (4) by either (5a) generalizing with philosophical discussion to avoid specifics (5b) saying that mitigation is not good enough and we need some "new" system (5c) acccusing the other person of not understanding you or being disengenuous (6) They respond by (6a) getting caught up in the philosophical discussions, derailing the conversation (6b) saying that we would use a better system if we had it but don't at this time (6c) getting defenseive, derailing the conversation (7b) You urge us to help come up with a better system, as if we aren't already thinking and wouldn't have already shared better ideas if we had them. (8bi) In one instance this led to you creating a troll lounge thread that seemed interesting. I haven't checked back on it since my initial response but will get around to it. I'm not on the troll lounge mailing list so it's harder for me to keep track of threads there than with the main list. (8bii) In most other circumstances, you have returned to step (5), dreailing the discussion. (9) The discussion has been derailed. (10) Repeat, either in the same thread or in a different thread on this forum. I'm sure that you would frame this cycle a little differently. I don't claim to be perfectly objective. No one is. I certainly don't want to put all them blame on you. You must find steps (2), (4), amd (6) must be very frustrating. However, I think we can agree that some cycle resembling the above has taken place, and that we will just keep getting frustrated unless we break out of it or let it go for the time being. Personally, I do not think we will break out of it unless you refute or concede (4) without going to (5) or (7b). (7b) is asking us to refute (4) for you, and I would if I could. I hope you are right that there is a better way. While I think if you could refute (4) right now you would have already, I hope that eventually you or someone else can. Until then, I would prefer to focus on the information you have been providing about browsers, and I think this would be a better use of your time as well. In the absence of a perfect solution for web browsing, the information you provide about our current options is much appreciated. I'm sorry that I haven't contributed more by replicating your tests yet. In fact, I'll accept blame for feeding the above cycle by spending more time responding to your posts that I disagree with without contributing anything new than I have responding to your more constructive posts, while hypocritically telling you to focus on the constructive ones. I've been following and valuing your tests, but have been waiting until I have a chance to contribute my own to respond in detail. Honestly, I probably could have learned how to run your tests in the time I've spent writing long and redundant posts. My bad. I hope to get around to it by next weekend. Best, Mason
[Trisquel-users] Re : Comodo antivirus for Linux
Your post is in response of that of SuperTramp83, who wrote: I don't know about Bannanna but I am talking about a computer I have direct control upon. Indeed, *we* are talking about software in computers we have personal control upon. My previous post even started like that: The four freedoms aim to control, the best we can, the functional works we do by ourselves. Nothing more (but that is a lot!). They are no silver bullet against all "the terrible things going on in the world" (the mass surveillance, the filter bubble, Spectre and Meltdown, etc.). As far as I know, nobody pretends that. https://trisquel.info/forum/comodo-antivirus-linux#comment-126752 Yet, your reply is about "warfare", "spying" and "mass destruction". And now, I am the one taking your words out of context?! I use the third person to talk about you if my post replies to somebody else. In particular, https://trisquel.info/forum/comodo-antivirus-linux#comment-126752 is a reply to mason. "You" would stand for "mason" in that post.
Re: [Trisquel-users] family privacy Again
https://www.youtube.com/watch?v=8r-e2NDSTuE
Re: [Trisquel-users] Privacy/Security services and software
Basic security: pull the cord :)
Re: [Trisquel-users] Privacy/Security services and software
Thanks. I am looking to free my machines as much as possible but considering all the CPU issues and the lack of libreboot for any of them, I don't know how valuable the change of distro may be (currently openSUSE).
Re: [Trisquel-users] family privacy Again
Pascal and I can agree to disagree; his wager[1] still works: 1.)If I genuinely believed that a supreme deity who was keeping a list and checking it twice genuinely thought that I and everybody I cared about was naughty every time we tried to be nice, I would want to kick that (expletive) in the testicles. 2.)I don't like bitter, angry old people who hate the world any more than you do. Therefore: Oh look, a pretty butterfly. [1] https://en.wikipedia.org/wiki/Pascal%27s_Wager
Re: [Trisquel-users] Privacy/Security services and software
That's high level spionage... I am going more for protect against ISP and copyright trolls and basic script kiddies... You know the most basic stuff. Tor is not effective agaainst a global adversary either. I am talking about basic security.
Re: [Trisquel-users] Privacy/Security services and software
https://en.wikipedia.org/wiki/Key_size#Effect_of_quantum_computing_attacks_on_key_strength I remember also reading (or was it a video?) about a new technology which is already created which would allow to read information from a computer from the distance, even if you are not connected to a network. So as long as you are withing 50m of range of that spying device, even in your home, nothing can save you. Unfortunately I don't have the link to it.
Re: [Trisquel-users] Privacy/Security services and software
My understanding is that the only problem with Fedora is the kernel. This might be a valuable piece of information for you: https://www.fsfla.org/ikiwiki/selibre/linux-libre/freed-ora.en.html Fedora 27 is current and that is honestly all I know; someone else will be along shortly if you have questions.
Re: [Trisquel-users] Are Big Sacrifice
@alimiracle and Hayder: All fixed. noordinaryspider@Uruk:~$ uname -r 4.14.13-gnu.nonpae noordinaryspider@Uruk:~$ My X60 can probably handle pae and I'll get Jason's kernel when it's ready but this is fine for now. :) It's plenty peppy, whatever you did, and I haven't switched to a window manager or customized the Mate desktop at all, just added Icecat and a few of the usual suspects. I haven't maxed out the memory in this machine yet either, so this is with only two gigs. Libreboot takes me to a screen where I get a "more options" menu for Uruk so I can probably choose an older, faster kernel for offline use if I ever need to, but right now this suits me just fine. Now get some sleep. We "average joe"s need you to stay awesome. :)
Re: [Trisquel-users] Vulnerable to meltdown?
> Taking preventive measures seems practical to me. Of course. You don't go out naked in winter and dress after you freeze. You dress first. You have a direct experience to base you actions or. But with computers it is all based on recommendations (unless you write the program, in which case you create the update yourself). Vaccines have harmful effects BTW. A vaccine is practically a disease which you deliberately expose your body to, so that you force it to increase its immune protection. If we disregard the torture you are putting the body to, that may be practical but the fact is - vaccines are mixed with chemicals which are a form of poison to the body. It needs many years to clean from those. Software updates can also be harmful. The point is... in fields where expertise is needed we replace it with trust (where we started).
Re: [Trisquel-users] Privacy/Security services and software
That's why I have been wondering if it would be a stupid idea to use: 1, A free VPN encrypting all connections; 2. A free proxy in a torrent client (with encryption too); Something like My PC -> VPN -> Proxy -> internet It's very similar to what we do with Tor My Pc -> GuardRelay -> MiddleRelay -> ExitRelay -> Internet Now, of course Tor is a unique case, however the idea still holds.
Re: [Trisquel-users] Web Browser
New browser tested: Basilisk (by the vendor of Pale Moon) This one is very similar to the modern Firefox forks. Strangely some settings (like for accepting cookies) were not even available in Preferences, so I had to dig into about:config to find a setting to make the visible in the GUI. Results: After tightening of setting similar to all Firefox clones, there is background chattering BUT this time I decided to dig deeper. Following the procedure suggested by SuperTramp I still couldn't make chattering disappear. So in about:config I did some brute force cleaning: I zeroed all variables which contained URLs. There were 2-3 for which it wasn't possible, I don't know why, but for all others. Final result: + No background chattering on startup + No background chattering on opening preferences + Opening https://fsf.org/robots.txt or https://fsf.org communicates only with fsf.org All this makes me think that such brute force cleanup in about:config may be possible for other Firefox clones. However as I haven't read what each setting does, it may have some other (probably negative) effects. Perhaps we should read about all that and come up with settings which are both private and don't affect functionality (if that is possible).
Re: [Trisquel-users] Web Browser
It also had all telemetry flags disabled by default in about:config
Re: [Trisquel-users] Vulnerable to meltdown?
> That is not immediately practical. > It would be if you were in an actual situation which is threatening to your health. But are you? Or is it a fear that one day you may be (a non-fact ATM), so that you are taking preemptive measures? Taking preventive measures seems practical to me. Whether those measures are a vaccine or software security update.
Re: [Trisquel-users] Privacy/Security services and software
I wouldn't be surprised if some free VPNs are created/funded by those who you are trying to hide from... One should be very careful with 'free' things.
Re: [Trisquel-users] Vulnerable to meltdown?
> Then let’s extend the metaphor to the immediately practical. I haven't seen a poliovirus, but I trust getting a polio vaccine will help prevent me from getting polio. That is not immediately practical. It would be if you were in an actual situation which is threatening to your health. But are you? Or is it a fear that one day you may be (a non-fact ATM), so that you are taking preemptive measures? Similarly governments take preemptive measure to spy on everyone, just in case.
Re: [Trisquel-users] Comodo antivirus for Linux
> No, they were put to someone who was joking and specifically told you so. No. It was SuperTramp83 who was joking. The questions were a reply to Magic Banana who wasn't. > Look, if you aren't willing to argue the point, then this conversation is worthless. So to you a conversation is worthy only if it is an argument? Sorry, I don't look at things this way. I think I said what I mean quite clearly. If you feel something is not clear - ask. But if you are willing to argue, so that I can argue back, so that you can hopefully clear the misunderstanding - this is stupid. > "Maybe" does not mean "most certainly". And intelligence means reading between the lines. Look at the overall attitude, don't just isolate a single word and analyze it separately.
Re: [Trisquel-users] Comodo antivirus for Linux
> But that is certainly not a reason to "remove the 'ethics' and 'freedom'". "that" is not a reason because your "that" is not what I explained. On various occasions I notice that you like to take my words out of context and gently push their meaning into a completely different one, then provide some proof that in the other context they are wrong. Of course you like the context to be convenient enough, so others who misunderstand my words can stick to yours. Initially I thought that you were doing it because of misunderstanding, so I explained more and more. But you keep doing it even after lots of explanations and considering the previous and recent disrespectful comments made in 3rd person which you allow yourself to make, I understand that I was wrong in my initial assumption. In any case I won't play this game with you. If you keep doing it, I simply won't answer. So much for 'ethics'.
Re: [Trisquel-users] Vulnerable to meltdown?
> Those are all things which have no or very little relation to your life. So trust or no trust - it really doesn't expose you to any risk. But when your life is based on a computer which can be modified remotely by an evil expert and so create a disaster for you - that is something entirely different. It is like sleeping with a tiger in the room and trusting that it won't eat you. Then let’s extend the metaphor to the immediately practical. I haven't seen a poliovirus, but I trust getting a polio vaccine will help prevent me from getting polio. Why? Because I have a basic scientific mindset and since science is at its core communal I have trust in the scientific community. (With all the necessary caveats) Similar concepts apply to free/libre software community and its approach to security. > I am not so sure. For the moment there have been only verbal confirmations by only a few parties. We will see. It is still pretty early in the process. But yes, certainly something to keep an eye out on.
Re: [Trisquel-users] Vulnerable to meltdown?
> I haven't directly seen an electron or the dwarf planet Pluto. I haven't been to Thailand or Angola. Nor have I touched the original Rosetta Stone or Terracotta Army. Those are all things which have no or very little relation to your life. So trust or no trust - it really doesn't expose you to any risk. But when your life is based on a computer which can be modified remotely by an evil expert and so create a disaster for you - that is something entirely different. It is like sleeping with a tiger in the room and trusting that it won't eat you. > and it appears is being taken seriously. I am not so sure. For the moment there have been only verbal confirmations by only a few parties. We will see.
Re: [Trisquel-users] Privacy/Security services and software
Tor is for what? Medical Records you don't want your insurance company to know about? A new invention you are working on and don't want a big time company to steal from you? Protecting your source when you are a journalist brave enough to talk to people in life or death situations? Just couldn't understand your problem with Tor...
Re: [Trisquel-users] Privacy/Security services and software
Yeah, I noticed that much, webrtc was propably the culprit. But it only happened once and now I am using a couple ufw rules to prevent that kind of thing to happen again. Thanks!
Re: [Trisquel-users] Privacy/Security services and software
Hey quantumgravity, Thanks for putting the conversation back on track ;) Well, that ended up being my option using VPN + Tor, using only VPN for some stuff. Some people above mentioned I should "use bittorrent links to download ISO" but they forget that I was looking for a PRIVATE way of downloading it. Using bittorrent without any additional protection is like screaming out the window "I AM DOWNLOADING THIS AND THAT!" And before you mention legal vs illegal downloads... I have seen people being harassed because of LEGAL donwloads. Makes no sense, but it did happen. SuperTramp actually helped me getting things running in the VPN department. Thanks man! I don't feel very OK with paying for a VPN... You not only disclose your IP to them and give them a chance of recording your traffic, you ALSO identify yourself in the payment process. You will never have the chance to say "I was not the one using the VPN on my IP" because they have your credit card (or whatever) information. In that regard I would prefer a free VPN, because at least either you are screwed from the get go (as in they will sell all your info to pay for the service) or they actually have nothing to use against you. These days there are some free VPN that MIGHT (a big MIGHT) be worthy a little trust. A great solution would be to use 2 VPN in sequence... like configuring a tunnel, connecting to one and using that IP to connect to the other which would then connect to the internet (a little like Tor circuit). But from what I know that is impossible... right? Unless one has a local proxy working in an app or something, which certainly some people will know more about than me.
[Trisquel-users] Re : Comodo antivirus for Linux
Trusting the free software community or trusting one single proprietary software company is indeed analog to trusting all citizens (democracy) or trusting one single dictator. You can say it is the same because it is trusting in both cases. It is not. The users/citizens deserves the control on their computing/government. They deserve to decide for themselves. Dictator/proprietary software developers deny that control, which is unjust. That does not mean free software/democracy is perfect. Even less that it is the solution to all problems. But that is certainly not a reason to "remove the 'ethics' and 'freedom'".
Re: [Trisquel-users] Vulnerable to meltdown?
> FSF proponents here would argue that through trust (in so called community) you get the necessary certainty. But as I have said on other occasions - trust is a belief. It creates more uncertainty as it is not based on direct observation but on an idea. When you look a the tree outside your house - there is nothing to trust or believe. The tree is there, you can see it, touch it. You don't need a community of experts to provide certifications and endorsements that there is a tree. Well you do have to trust your senses. That you aren't having an hallucination or a dream, for instance. But more importantly there are plenty of things you can "trust" (in a qualified sense) that you don't interact with directly. I haven't directly seen an electron or the dwarf planet Pluto. I haven't been to Thailand or Angola. Nor have I touched the original Rosetta Stone or Terracotta Army. Nor have That doesn't mean that I am "wrong" to trust that those things are real. All of those things can be verified by a community of scientists, cartographers, historians, and archeologists because they are by their nature open to peer review, in both its formal and informal sense. One does not need to fall into the trap of solipsism, instead we can have various degrees of trust. To bring it back to software, I have not read the millions of lines of code in the software I use. But I "trust" in the free/libre community of programmers to find flaws in them. Is it perfect? Of course not. Can it be improved? Yes, auditing software for security flaws should be an extremely important part of software design. (Just like replicability should have an even more important role in science) Is it the best we have? It appears that way. In fact your test of various browsers for leaking information is a great example of this. You, a member of the free/libre community even as an amateur, found a problem, reported it, and it appears is being taken seriously. Thank you for that.
Re: [Trisquel-users] Comodo antivirus for Linux
> The questions weren't even put to you specifically No, they were put to someone who was joking and specifically told you so. That's why I didn't feel the need to refute every single thing you said. Just those two because they stood out to me. Look, if you aren't willing to argue the point, then this conversation is worthless. > 'maybe malware' which really means 'it is most certainly malware' "Maybe" does not mean "most certainly". https://www.merriam-webster.com/dictionary/maybe https://www.merriam-webster.com/dictionary/certainly
Re: [Trisquel-users] Vulnerable to meltdown?
Maybe there is no forum either. Hey, someone is typing! (or not?)
Re: [Trisquel-users] Comodo antivirus for Linux
> but I also guess you do have thousands of users who pay enough attention and care enough as to use the tools ('member when we used tcpdump for firecox?) I don't know what this guess is based on. The fact is: only one user checked it and he is not an expert whatsoever. This proves that the experts from the so called community simply can't be trusted as they don't have the listed qualities. That's what makes the so called 'community control' and 'trust in community' pretty much a wishful thinking. Then again, in order to ensure the qualities are there, a central figure must exist to evaluate the people and again - this creates the need for a controller, a central unit. Do you see the contradictory nature of all this? > With proprietary sosware you can not, you can only suck it up. From the perspective of possibility - yes. But you can still test a proprietary browser with tcpdump in the exact same way. And it may be surprised (which is unlikely but still possible). Please - I am not defending closed programs, they are a black box. I am just saying that possibility seems to be generally considered as "then someone has done it" which creates an overall irresponsibility.
Re: [Trisquel-users] Comodo antivirus for Linux
The question is trust and freedom. Trusting one thing and not trusting another is a double standard. Someone said "freedom is these 4 things" and people conform to trust "a community" and to hate "a company" because the person has said "this is ethical". It may sound outrageous but to me this is sheer nonsense. If ethics and so on should be discussed then a totally new social design is necessary. If one pays taxes one supports creation of weapons and proprietary systems for warfare. What ethics? We elect these people, they spy on us, create mass destruction and we fight in a forum "which program is more ethical". The very fact that clarifications like "Free as in speech, not as in beer" are necessary is a proof that not only language but also the concepts on which society is based are crooked. So we must either remove the 'ethics' and 'freedom' and talk only about technology, or we must question every single aspect of life down to the core. Anything in between is a mess and can never be perfect (the word perfect meaning: full, complete).
Re: [Trisquel-users] Comodo antivirus for Linux
>I doubt that. And that's good. >But do you really have 1000 programmers to check that program I guess you don't but I also guess you do have thousands of users who pay enough attention and care enough as to use the tools ('member when we used tcpdump for firecox?) they have at hand to check and see whether a software is doing something suspicious/misbehaving and then they can also say 'holly cannoli, why this, let's check the source maybe, or let's contact someone so they can check'. With proprietary sosware you can not, you can only suck it up. The situation is not ideal, but it's the best we can. I do strongly believe the following, I also believe one does not need to be a genius or a programmer to understand it: the more lines of code the greater the possibility of bugs. Just as with normal written text, the larger is the text you rote the larger the probability of typos, grammatical errors etc
Re: [Trisquel-users] Vulnerable to meltdown?
>The tree is there, you can see it, touch it. You don't need a community of experts to provide certifications and endorsements that there is a tree. I beg to differ I can easily go full-shit-philosophical about it until I really convince my self there really is no tree and no observer either :P
Re: [Trisquel-users] Comodo antivirus for Linux
Collectively - how does this actually work? Say: 10 million lines of code for a program 10 programmers 1M lines each 100 programmers 100k lines each 1000 programmers 10k lines each (that looks feasible) But do you really have 1000 programmers to check that program all of which are: - totally unrelated to the original vendor - absolutely unbiased - really and deeply concerned - ready to work for free - careful not to miss a slightest detail - incorruptible I doubt that. I have interviewed people to work with mean in a small team and I know how difficult it is to find even a single person who is a fairly decent human being (due to so many factors). 1000 such people seems an impossible task. So with the increasing of complexity the factor of uncertainty rises too. A simple text editor will likely be more safe than a kernel. Paradoxically - we put ultimate trust in the more complex thing and assign it as a controller of the simpler systems.
Re: [Trisquel-users] Comodo antivirus for Linux
>They all proprietary design and have computers full of proprietary hardware and software, so according to your conclusion - 'maybe malware'. Well, your reasoning is not very sound here. I don't know about Bannanna but I am talking about a computer I have direct control upon. It is very different. I don't drink Cola, or its Nazi variant 'Fanta' btw :P I also have never said that anything other than software has to be free. I might think that, but I have never said that food or planes or buses or grandmas have to be free or that I have to need a recipe for them.
Re: [Trisquel-users] Vulnerable to meltdown?
> Then how can we depend on the possibility of catching usage of undocumented instructions in Intel's binary code base? FSF proponents here would argue that through trust (in so called community) you get the necessary certainty. But as I have said on other occasions - trust is a belief. It creates more uncertainty as it is not based on direct observation but on an idea. When you look a the tree outside your house - there is nothing to trust or believe. The tree is there, you can see it, touch it. You don't need a community of experts to provide certifications and endorsements that there is a tree. > It really boils down to the fact that with a proprietary microcode/architecture, no higher level security scheme would hold water against Intel or any entity they cooperate with. With such an architecture, all the security measures, actual or perceived, goes out of the window. Sorry to say that. Exactly. That's why it is utterly meaningless to fight over which distro/package is more free or move to 10 year old computers with 8Gb of RAM which are still vulnerable and imperfect. As long as the technological complexity is so high that one must trust experts and therefore be dependent, there can never be real freedom and security. One is free and secure only when one can see directly, not through authority, ideals and theories about noble fights.
Re: [Trisquel-users] Privacy/Security services and software
Well, I will try to get back to the topic: it depends on the level of privacy you desire. A VPN (I use NordVPN) is normally enough for me. Maybe it's an option to use VPN + Tor for smaller files and browsing, while sticking with normal VPN for downloading large files?
Re: [Trisquel-users] Comodo antivirus for Linux
> Proprietary software is like if they give you a recipe, but in a form that you can't read; It's not the first time you bring forward this argument. Do note that freedom 1 is rarely, and for clear reasons of lack of knowledge, time and limited human capacity, exercised individually but rather collectively. A developer will think 10 times before shipping anything malicious in their source code. What you should worry about is the binaries you commonly install. Do they really correspond to the source? How much exactly are you trusting the maintainers of your distribution? https://wiki.debian.org/ReproducibleBuilds/About
Re: [Trisquel-users] family privacy Again
You touch a very important point indeed, joe. God is indeed almighty for he/she (I prefer 'it) is omnipresent and omniscient. >The more I look at what is happening, the more I think: the only salvation is some deep genetic mutation which would make human species into something else. Well, I retired into a cave, I have tons of cans and my laptop, I rarely see the light of the day (only when my Internet connection goes down, doesn't happen very often). The mutation has already started, a third is growing (which is quite useful so I can sip on my soda while typing this ^^
Re: [Trisquel-users] Vulnerable to meltdown?
>The problem is that no body can see the code of that crap, nobody knows if there is something worse inside the microcode (maybe improved backd00r). So I won't use microcrap. So maybe we are f***ed. Hehe, right? In order to fix a vulnerability you install a backdoor \o/ That would be very funny indeed.
Re: [Trisquel-users] Vulnerable to meltdown?
..ughhh, which reminded me I need to tcpdump da netsurfy, meh.
[Trisquel-users] Re : Comodo antivirus for Linux
A reference (research paper published in 2015, focusing on proprietary programs distributed through "app stores"): Our analysis shows that 60% of the paid apps are connected to trackers that collect personal information compared to 85%–95% in free apps. We further show that approximately 20% of the paid apps are connected to more than three trackers. With tracking being pervasive in both free and paid apps, we then quantify the aggregated privacy leakages associated with individual users. Using the data of user installed apps of over 300 smartphone users, we show that 50% of the users are exposed to more than 25 trackers which can result in significant leakages of privacy. http://www.privmetrics.org/wp-content/uploads/2015/06/wisec2015.pdf
Re: [Trisquel-users] Comodo antivirus for Linux
> Why do you even bother responding if you're not going to actually refute my reasoning? I am not interested in fighting with you, regardless if you consider that the only valid reason for providing a response. I am getting tired of all this. It is impossible to discuss anything intelligently and sanely if one side is attached to the authority of a person/organization/rule-set/ideology. Talking about freedom is not freedom, especially if one refuses to look at things freely, without evaluating everything through a set of 10 (or 4) commandments. > I don't think your other points are worth the investment of time and effort needed to respond to them. The questions weren't even put to you specifically, so if you are replying just to underline how worthless they are such reply hardly has any value. It is utterly stupid to say that every proprietary program is 'maybe malware' which really means 'it is most certainly malware'. I can write print("Hello world") and compile it, close it, encrypt it, put a limit to its use and sell it for $1. Is that malware? Can it spy on you or harm you in any way? Don't answer to me. Answer for yourself. That doesn't mean I encourage proprietary things, I don't. But I discourage even more one not using one's brain and sanity for the sake of conforming to whatever ideology. Ideologies are limiting, they are more dangerous than proprietary things because deny the possibility of man to look at thing objectively, without bias. > You're just looking for excuses to dismiss my arguments. Your so called arguments are only aimed to be that - arguments, on a verbal, superficial level. They show you have not looked at the depth of the questions and what is behind the written text (which was the whole idea). So I don't need an excuse for not replying to a reply which was aimed only to twist the context of the original questions in a direction in which you simply feel comfortable to argue. > You're trying to prove that libre software ideals are impractical It is much more than that. They are impossible. You can't put the unlimited in the limited and call it free, or libre, or whatever fancy word one may like. Man has tried that for thousands of years. It never worked and it never will.
[Trisquel-users] Re : Comodo antivirus for Linux
Malware, short for malicious software, is an umbrella term used to refer to a variety of forms of harmful or intrusive software, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. It can take the form of executable code, scripts, active content, and other software. https://en.wikipedia.org/wiki/Malware
Re: [Trisquel-users] family privacy Again
> It's not a good feeling when you get up every morning knowing that your own government is tracking you. They told me later 'we knew when you got up, we knew when you left your house, we knew which vehicles you used, where you stopped, where you shopped', for every electronic communication was being monitored, on a 24/7 bases, including my phone. > Where do you go in that regime? Where do you go? Where do you go? Where is a safe place? Where do you go to be yourself? Those "nothing to hide" (or "nowhere to hide" as you say) people generally have no or very little concern about their government tracking them. > If you think you are innocent, or that you have nothing to hide, you do not understand what is happening. Justice, like truth, in this system is not relevant. Ask Chelsea Manning, Julian Assange or Edward Snowden, along with whistle-blowers like Thomas Drake, where justice and truth got them. "whistle-blower" is the keyword. Not many people decide to disclose secret information or do something else that bother their government, they don't believe that things happened to Manning, Assange or Snowden can apply to them, not to mention some of them have no respect for whistle-blowers.