Re: Turning off SELINUX
Allegedly, on or about 08 September 2013, g sent: imagine how big sputnik would have been if the Russians had to use a bunch of tubes and batteries :=D Apparently a captured Russian aircraft was found to be full of valve based equipment, to the bewilderment of those who caught it, wondering if they were really that far behind. Later they'd find out that it was deliberate, as that technology was more robust against EMP. At college, we were told an amusing tale about how the Russians had worked their way around the embargo of selling certain ICs to them. Empty pinball machines were found around their embassy, after they gutted them for the parts. Leading to a wag in the back of our class miming how he thought the Russians launched their missiles - pulling back the spring loaded ball-bearing launcher, and letting go. -- All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists. George Orwell's '1984' was supposed to be a warning against tyranny, not a set of instructions for supposedly democratic governments. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
On Thu, Sep 05, 2013 at 04:58:17PM -0500, Javier Perez wrote: I know SELinux is not about encryption, it is about limiting access to the system AFTER a breach has ocurred. (That is my understanding AFAIK, and that is why I think it is a good idea). My beef is given the NSA origin of this software, It could very well have a backdoor to turn itself off under the appropriate circumstances like an NSA-sponsored breach an allow unrestricted access to my system.. Then by turning SELinux off you've spared any such intruder the necessary step of using that backdoor. -- Darryl L. Pierce mcpie...@gmail.com http://mcpierce.fedorapeople.org/ What do you care what people think, Mr. Feynman? pgpXH7vwWrbV6.pgp Description: PGP signature -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
Allegedly, on or about 07 September 2013, g sent: i know that feeling. similarly, i had a skin effect experience when i put my hand on a van de graaff generator at the Chicago Museum of Science and Industry. I had my revenge on my unfriendly classmates at school with a Van de Graaff generator. ;-) While they were all daisy-chained to each other, standing on plastic boxes, with one on the end touching the generator, as part of a practical demo, I grabbed the water pipe and the person on the other end. They all sprang apart in a hurry. not so good a feeling was having touched the low voltage rectifier in the high voltage section a a tv with palm of my left hand. that went straight to the bones in my hand and exited from my foot thru 3 nails in heal of my shoe to a floor furnace. i had the burn marks in both for well over 40 years. I hate switchmode power supplies. Electrically noisy, high voltage, high current, painful operating frequencies, or DC, live heatsinks... You have to be damn careful working on them. I'm not sure which is worse, them or TV set EHTs. it is a shame that most of 'tech heads' of today know very little of such, thanks to the needs of the aero space rocket launches. Yes, if they hadn't needed to cram a computer into a tiny space capsule, and had the money to fund the research, I don't know how long it would have been before we got ICs. -- [tim@localhost ~]$ uname -rsvp Linux 3.9.10-100.fc17.x86_64 #1 SMP Sun Jul 14 01:31:27 UTC 2013 x86_64 All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists. George Orwell's '1984' was supposed to be a warning against tyranny, not a set of instructions for supposedly democratic governments. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
On 09/08/2013 06:51 AM, Tim wrote: I had my revenge on my unfriendly classmates at school with a Van de Graaff generator. ;-) While they were all daisy-chained to each other, standing on plastic boxes, with one on the end touching the generator, as part of a practical demo, I grabbed the water pipe and the person on the other end. They all sprang apart in a hurry. and a good thing the current was very low or no one would have let go. :=) two brothers, bill and clarence, owners of the tv repair service that i learned repair, were born and raised in the country. clarence learned a weird way to turn off tractor when he was finished plowing and showed me one day with one of the 6 cylinder service vans. with engine running, he placed his thumbs on engine block, then 1st and 4th fingers of each hand on a spark plug/wire connection. he shook like a spastic, but engine did die down and quit. weird to watch, but a good laugh after. I hate switchmode power supplies. Electrically noisy, high voltage, high current, painful operating frequencies, or DC, live heatsinks... You have to be damn careful working on them. I'm not sure which is worse, them or TV set EHTs. not to mention that they can be a bear to find what is wrong to fix when they stop working. i believe the only reason they are used in computers is that with out huge metal transformers, they are inexpensive and no worry about ac ripple from supplies when dc caps start to go out. Yes, if they hadn't needed to cram a computer into a tiny space capsule, and had the money to fund the research, I don't know how long it would have been before we got ICs. imagine how big sputnik would have been if the Russians had to use a bunch of tubes and batteries :=D -- peace out. in a world with out fences, who needs gates. sl6.3 linux tc.hago. g . -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
On 05/09/13 23:41, Javier Perez wrote: After reading this, I am turning off SELINUX http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security Until I hear of a thorough code review by a non-USA team of this code, I do not feel safe using it, privacy wise. It's a pity because SELINUX is a good idea. How do you know that turning it off actually does so? It's still built into the kernel you're running. signature.asc Description: OpenPGP digital signature -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
On 09/06/2013 10:41 PM, g wrote: when i descended ladder, staying well clear of antenna wire, i looked down at water and caught glimpses of some fishes with their bio luminescence. another great sight. I remember seeing that when I was in Tonkin Gulf, back in '72. Never saw any St. Elmo's fire, but lots of that bio luminescence. Once we were keeping station around a specific point in a dead calm, with a fog bank centered on where we were supposed to be. Every time we came out of the fog, it was time to turn back and take another pass. In and out of that fog for three or four days. Boring! -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
On 09/07/2013 02:38 PM, Mike Dwiggins wrote: I tried some of this stuff while in the service and almost got busted! Foil on a 5-ton hut did not work well! Mike D. Exactly! Proof that foil trick's been foiled. Returning to the original discussion about foiling the NSA. If you try to foil them they'll try harder. Remember you cannot stop recalcitrant gamma particles no matter what! If they put robots on gamma particles we're all screwed. R -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
hello, Joe. ;=) On 09/07/2013 02:46 AM, Joe Zeff wrote: On 09/06/2013 10:41 PM, g wrote: when i descended ladder, staying well clear of antenna wire, i looked down at water and caught glimpses of some fishes with their bio luminescence. another great sight. I remember seeing that when I was in Tonkin Gulf, back in '72. Never saw any St. Elmo's fire, but lots of that bio luminescence. Once we were keeping station around a specific point in a dead calm, with a fog bank centered on where we were supposed to be. Every time we came out of the fog, it was time to turn back and take another pass. In and out of that fog for three or four days. Boring! we never went out during any form of fog. no radar or sonar on the boats. yes, heavy fog tends to 'short out'/'suppress' St. Elmo's Fire. Tonkin Gulf sounded familiar, so i ran a search. you were there around the time of 'delimitation'. had it been 1964. it would not have been so Boring!. -- peace out. in a world with out fences, who needs gates. sl6.3 linux tc.hago. g . -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
Allegedly, on or about 07 September 2013, g sent: for some reason or other, i decided to climb up on top of bridge. along side of ladder was cable for antenna. while climbing up, i kept getting a stinging on my ear, so i swatted at what i thought were mosquitos. after looking around horizon, i looked up into sky to observe the many stars. that is when i notice St. Elmo's fire off end of antenna. i move over to antenna wire, looked closely and saw a faint but clearly visible blue static around wire. I can remember the lovely lilac corona you could get when you poked the end of a screwdriver *near* the tripler in a CRT set. Tens of thousands of volts going *almost* through you (more like around the outside of you, rather than through your innards), but you were the conductor, though you couldn't really feel a thing. There'd, also, be a rather ominous screeching noise from the electronics. -- All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists. George Orwell's '1984' was supposed to be a warning against tyranny, not a set of instructions for supposedly democratic governments. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
On 09/07/2013 06:39 AM, Tim wrote: I can remember the lovely lilac corona you could get when you poked the end of a screwdriver *near* the tripler in a CRT set. Tens of thousands of volts going *almost* through you (more like around the outside of you, rather than through your innards), but you were the conductor, though you couldn't really feel a thing. There'd, also, be a rather ominous screeching noise from the electronics. i know that feeling. similarly, i had a skin effect experience when i put my hand on a van de graaff generator at the Chicago Museum of Science and Industry. [as a side note, i know the man, Steve Worack, Circuitron, Inc., who built the model railroad exhibit. a neighbor from when we lived in North Riverside, IL.] not so good a feeling was having touched the low voltage rectifier in the high voltage section a a tv with palm of my left hand. that went straight to the bones in my hand and exited from my foot thru 3 nails in heal of my shoe to a floor furnace. i had the burn marks in both for well over 40 years. if you want to reminisce about tubes; http://en.wikipedia.org/wiki/Vacuum_tubes http://en.wikipedia.org/wiki/List_of_vacuum_tubes i still have my first and last RCA and GE tube manuals stored in my historical storage boxes along with my RCA and GE semiconductor manuals. hell, even a lot of my ic manuals are now outdated. i guess i will have to do some relabeling of the boxes. :=) it is a shame that most of 'tech heads' of today know very little of such, thanks to the needs of the aero space rocket launches. sure would be nice if fedoraproject would create a 'general' list like mozilla did. then reminiscing would not be a thread unraveler. ;=) -- peace out. in a world with out fences, who needs gates. sl6.3 linux tc.hago. g . -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
On Sat, 07 Sep 2013 10:15:32 -0500 g wrote: sure would be nice if fedoraproject would create a 'general' list like mozilla did. then reminiscing would not be a thread unraveler. ;=) Well, to get back on topic then, I'll just point out for the tin foil hat folks that the selinux libraries are linked into your executables even if you turn selinux off. Who knows how mad they will get when they find at runtime that you've turned off selinux? :-). Obviously your only real hope is to switch to gentoo linux and fixup all your source build patterns to disable compiling and of the selinux code. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
On 09/07/2013 03:31 AM, g wrote: Tonkin Gulf sounded familiar, so i ran a search. you were there around the time of 'delimitation'. had it been 1964. it would not have been so Boring!. Steaming in and out of a fog bank was boring. I suggest that you read up on the Easter Offensive, because I was on one of the 38 ships supporting the ARVN at that time. If it weren't for that, I probably wouldn't have lost part of my hearing. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
On 09/07/2013 02:00 PM, g wrote: On 09/07/2013 03:01 PM, Joe Zeff wrote: On 09/07/2013 03:31 AM, g wrote: Tonkin Gulf sounded familiar, so i ran a search. you were there around the time of 'delimitation'. had it been 1964. it would not have been so Boring!. Steaming in and out of a fog bank was boring. I suggest that you read up on the Easter Offensive, because I was on one of the 38 ships supporting the ARVN at that time. If it weren't for that, I probably wouldn't have lost part of my hearing. is that the 31 January 1968 Tet Offensive? No. The Easter Offensive was in '72, when the NVA poured across the border with 150,000 men and more armor than the Germans sent to the Kursk Salient. They ended up with a few positions south of the border, and got back 50,000 men on foot. ARVN did almost all of the ground work. We supplied air support and shore bombardment, and took almost no casualties. Look it up in Wikipedia. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
On 09/07/2013 04:20 PM, Joe Zeff wrote: No. The Easter Offensive was in '72, when the NVA poured across the border with 150,000 men and more armor than the Germans sent to the Kursk Salient. They ended up with a few positions south of the border, and got back 50,000 men on foot. ARVN did almost all of the ground work. We supplied air support and shore bombardment, and took almost no casualties. Look it up in Wikipedia. ok. i looked it up; http://en.wikipedia.org/wiki/ARVN another fine example of how screwed up things can get with lack of good communications. especially in a 'police action' as some mistakenly reported it to be. -- peace out. in a world with out fences, who needs gates. sl6.3 linux tc.hago. g . -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
On 09/07/2013 03:25 PM, g wrote: ok. i looked it up; http://en.wikipedia.org/wiki/ARVN another fine example of how screwed up things can get with lack of good communications. Try looking here instead: https://en.wikipedia.org/wiki/Easter_Offensive because it deals with the offensive in question, rather than being a general article on one of the armies involved. (If you wanted to learn about the Korean War, would you consult only an article on the US Army?) -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
On 09/07/2013 06:01 PM, Joe Zeff wrote: On 09/07/2013 03:25 PM, g wrote: ok. i looked it up; http://en.wikipedia.org/wiki/ARVN another fine example of how screwed up things can get with lack of good communications. Try looking here instead: https://en.wikipedia.org/wiki/Easter_Offensive because it deals with the offensive in question, rather than being a general article on one of the armies involved. ok. thanks. (If you wanted to learn about the Korean War, would you consult only an article on the US Army?) not really. it was what wikipedia found in search. i guess wikipedia does not know all the general answers. :=) -- peace out. in a world with out fences, who needs gates. sl6.3 linux tc.hago. g . -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
On 09/07/2013 04:30 PM, g wrote: not really. it was what wikipedia found in search. i guess wikipedia does not know all the general answers. :=) Odd. I put Easter Offensive into the search bar and got exactly what I was looking for. What search term did you use? BTW, if you want to discuss the offensive, or ask about it, feel free, but off-list because I don't want to bore the rest of the list with something this far off-topic. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
Ah Ken's ACm lecture on Trusting trust. yes good reading. On Fri, Sep 6, 2013 at 6:55 AM, Dave Stevens g...@uniserve.com wrote: Quoting Rahul Sundaram methe...@gmail.com: Hi On Thu, Sep 5, 2013 at 5:58 PM, Javier Perez wrote: I know SELinux is not about encryption, it is about limiting access to the system AFTER a breach has ocurred. (That is my understanding AFAIK, and that is why I think it is a good idea). My beef is given the NSA origin of this software, It could very well have a backdoor to turn itself off under the appropriate circumstances like an NSA-sponsored breach an allow unrestricted access to my system.. NSA is a *huge* organization with multiple divisions SELinux can prevent breaches as well as mitigate the extend of any breaches depending on the situation but more importantly, it is fully free and open source software and part of the upstream Linux kernel which has been thoroughly reviewed and powered competing Govt agencies including both US and Russian defense. As a side note, running SELinux doesn't prevent say someone monitoring your email or chat unless you are encrypting all of that and even then it might be just a speed bump for NSA. If you want to change what they do, engage in the right political advocacy groups. Rahul Not to contradict what Rahul says, which I agree with, you might also want to read this: http://cm.bell-labs.com/who/**ken/trust.htmlhttp://cm.bell-labs.com/who/ken/trust.html Old but still relevant. Dave -- Advertising is the rattling of a stick inside a swill bucket - George Orwell -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.**org/mailman/listinfo/usershttps://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-**of-conducthttp://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/**Mailing_list_guidelineshttp://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org -- Clive -- 077222971491 -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
On 9/5/2013 1:41 PM, Javier Perez wrote: Until I hear of a thorough code review by a non-USA team of this code, I do not feel safe using it, privacy wise. With NSA's Utah Data Center opening this month, I don't think using SElinux will seem a problem http://photoblog.nbcnews.com/_news/2013/06/07/18831205-nsas-massive-new-data-center-in-utah?lite -- -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
On 09/05/2013 09:41 PM, Javier Perez wrote: After reading this, I am turning off SELINUX http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security Until I hear of a thorough code review by a non-USA team of this code, I do not feel safe using it, privacy wise. It's a pity because SELINUX is a good idea. That's what they want you to do. Andrew. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
Allegedly, on or about 06 September 2013, Andrew Haley sent: That's what they want you to do. Haha, best retort yet. -- All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists. George Orwell's '1984' was supposed to be a warning against tyranny, not a set of instructions for supposedly democratic governments. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
On Fri, 6 Sep 2013 17:58:03 +0200 Heinz Diehl h...@fritha.org wrote: On 06.09.2013, Javier Perez wrote: My beef is given the NSA origin of this software, It could very well have a backdoor to turn itself off under the appropriate circumstances like an NSA-sponsored breach an allow unrestricted access to my system.. Every person contributing to free open source software could do that. You're talking about the NSA: they could easily pay somebody to do that for them. Everybody with a lot of money could do the same. If that's your concern, you can never ever be shure, unless you have reviewed all of the sourcecode running on your machine by yourself, and recompiled the software using this source afterwards. That's not enough, because the compiler may be rigged to reintroduce backdoors straight into binaries. You need to check the compiler source code, and then bootstrap it from a simpler compiler that you have wrote yourself in machine code (and I mean machine code, not the assembly language). However, this also isn't good enough, since the bios, CPU (firmware and hardware in general) might have an undocumented set of instructions that can remotely trigger total control over the machine. It's quite simple, actually --- NSA pays some money to rig Intel, AMD, ARM and PPC architectures in this way, and they can access anything remotely. So in order to go around that, you need to build a computer yourself from scratch, in particular the CPU. After bootstraping Linux on that hardware (LFS distro comes to mind...), you're safe against the NSA. As for the tinfoil hat, it needs two layers --- the inside layer needs to be orientend shiny-side in, which would prevent the NSA from spying on your brain waves. But the outside layer needs to be oriented shiny-side out, to prevent the NSA from feeding your brain with undesired signals. The two layers need to be well insulated against each other --- it's obvious that a short-circuit between them will leave you completely vulnerable... HTH, :-) Marko -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
On 06.09.2013, Javier Perez wrote: My beef is given the NSA origin of this software, It could very well have a backdoor to turn itself off under the appropriate circumstances like an NSA-sponsored breach an allow unrestricted access to my system.. Every person contributing to free open source software could do that. You're talking about the NSA: they could easily pay somebody to do that for them. Everybody with a lot of money could do the same. If that's your concern, you can never ever be shure, unless you have reviewed all of the sourcecode running on your machine by yourself, and recompiled the software using this source afterwards. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
Am 06.09.2013 00:35, schrieb Javier Perez: I know it is a long shot and a lot of paranoid-think, after all, if I have to depend on SELinux to defend my system from external breaches, I am F*ck up already. says who? I say so, based on my current knowledge of how to defend your system from external threats but your knowledge is very little it seems If your ONLY defense left is SELinux then one is quite naked to the world with only one last fig leaft to protect you :) uneducated and wrong guess - SELinux is not your only defense - it is the last resort by design Althought I think you answered this line too fast, taking that line out of context, given the explanation I gave in the next paragraph. no my daily job is security based on knowledge and not on uneducated guesses Attackers should first have to breach the firewall and then obtain some sort of user access *what* has a firewall to do with a potential buffer overlow in running code resulting in execute inujected code on your system - that's what SElinux is about may i suggest to learn basics about the different layers of a operating system before read random completly unrelated articles and speard FUD based on them without understan dwhat they are talking about? Again, I think I am not explaining properly my thoughts. In this paragraph I am talking of the total security of the system and the different layers an attacker would have to peel before pawining the system, not of SELinux alone. again: SElinux is the *last resort* then trick the system to scalate it to a root access before SELinux comes into play may i suggest to learn how SElinux works it is supposed to prevent exactly this And that is my point exactly. If as the article has said, NSA is spending millions to compromise security systems, how sure are we that there isn't something in the code that allows them to bypass the protection that SELinux promises to confer? Before the article, I'd agree with you, FUDmongering. After it, I wonder. BTW, thanks for the correction, I was forgetting once an attacker gets root, you are pawned. I was wondering at the wrong level :) anything not proven by facts is FUD But again, It is good to know that all links in the chain to being pawned are good and strong before trusting them, and this article certainly throws some mud to whatever contribution NSA has made to any security system without any specified backround it is uneducated FUD no tmore and not less As I said, before the article I would agree with you. But after reading it, I just wonder if there is any Achilles heel in the armor if you only would understand how stupid your whole argumentation is * SLinux is opensource * it is part of the kernel * it is reviewed by a lot of people outside the USA * if you do not trust these people you must not trust the rest of the kernel well, and in this case use Windows or OSX but wait, both are closed source and US companies so who do you trust more - USA closed source, ot reviewed or opensource widely reviewed? none of them? well than shut down your computer at all signature.asc Description: OpenPGP digital signature -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
Am 05.09.2013 23:58, schrieb Javier Perez: I know SELinux is not about encryption, it is about limiting access to the system AFTER a breach has ocurred. (That is my understanding AFAIK, and that is why I think it is a good idea) well, so *why* do you refer to an article about encryption My beef is given the NSA origin of this software, It could very well have a backdoor to turn itself off under the appropriate circumstances like an NSA-sponsored breach an allow unrestricted access to my system could very well is not any qualified statement - it is FUD I know it is a long shot and a lot of paranoid-think, after all, if I have to depend on SELinux to defend my system from external breaches, I am F*ck up already. says who? Attackers should first have to breach the firewall and then obtain some sort of user access *what* has a firewall to do with a potential buffer overlow in running code resulting in execute inujected code on your system - that's what SElinux is about may i suggest to learn basics about the different layers of a operating system before read random completly unrelated articles and speard FUD based on them without understan dwhat they are talking about? then trick the system to scalate it to a root access before SELinux comes into play may i suggest to learn how SElinux works it is supposed to prevent exactly this But again, It is good to know that all links in the chain to being pawned are good and strong before trusting them, and this article certainly throws some mud to whatever contribution NSA has made to any security system without any specified backround it is uneducated FUD no tmore and not less signature.asc Description: OpenPGP digital signature -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
Quoting Marko Vojinovic vvma...@gmail.com: On Fri, 6 Sep 2013 17:58:03 +0200 Heinz Diehl h...@fritha.org wrote: On 06.09.2013, Javier Perez wrote: My beef is given the NSA origin of this software, It could very well have a backdoor to turn itself off under the appropriate circumstances like an NSA-sponsored breach an allow unrestricted access to my system.. Every person contributing to free open source software could do that. You're talking about the NSA: they could easily pay somebody to do that for them. Everybody with a lot of money could do the same. If that's your concern, you can never ever be shure, unless you have reviewed all of the sourcecode running on your machine by yourself, and recompiled the software using this source afterwards. That's not enough, because the compiler may be rigged to reintroduce backdoors straight into binaries. You need to check the compiler source code, and then bootstrap it from a simpler compiler that you have wrote yourself in machine code (and I mean machine code, not the assembly language). However, this also isn't good enough, since the bios, CPU (firmware and hardware in general) might have an undocumented set of instructions that can remotely trigger total control over the machine. It's quite simple, actually --- NSA pays some money to rig Intel, AMD, ARM and PPC architectures in this way, and they can access anything remotely. So in order to go around that, you need to build a computer yourself from scratch, in particular the CPU. After bootstraping Linux on that hardware (LFS distro comes to mind...), you're safe against the NSA. As for the tinfoil hat, it needs two layers --- the inside layer needs to be orientend shiny-side in, which would prevent the NSA from spying on your brain waves. But the outside layer needs to be oriented shiny-side out, to prevent the NSA from feeding your brain with undesired signals. The two layers need to be well insulated against each other --- it's obvious that a short-circuit between them will leave you completely vulnerable... HTH, :-) Marko I think Rahul nailed it, this is a political problem with no technical solution. Dave -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org -- Advertising is the rattling of a stick inside a swill bucket - George Orwell -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
On Fri, 06 Sep 2013 12:05:12 -0500 Steven Stern subscribed-li...@sterndata.com wrote: On 09/06/2013 11:18 AM, Marko Vojinovic wrote: As for the tinfoil hat, it needs two layers --- the inside layer needs to be orientend shiny-side in, which would prevent the NSA from spying on your brain waves. But the outside layer needs to be oriented shiny-side out, to prevent the NSA from feeding your brain with undesired signals. The two layers need to be well insulated against each other --- it's obvious that a short-circuit between them will leave you completely vulnerable... Wouldn't this allow the hat to function as a capacitor? What happens with it builds up a sufficient charge to pop? As long as you're at it, use lead foil and paper towels soaked with vinegar or lemon juice. That will make it a battery and you can use it to keep your cell phone charged, so they satellites can more easily track you. :-) I love it, this thread is starting to contain some useful information. :) -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
RE: Turning off SELINUX
As for the tinfoil hat, it needs two layers --- the inside layer needs to be orientend shiny-side in, which would prevent the NSA from spying on your brain waves. But the outside layer needs to be oriented shiny-side out, to prevent the NSA from feeding your brain with undesired signals. The two layers need to be well insulated against each other --- it's obvious that a short-circuit between them will leave you completely vulnerable... I prefer kevlar in the insulated layer. Also my hat is more of a full helmet. Like to make it slightly more difficult in the event they decide my process needs to be terminated. :-) Alan -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
On 09/06/2013 11:18 AM, Marko Vojinovic wrote: As for the tinfoil hat, it needs two layers --- the inside layer needs to be orientend shiny-side in, which would prevent the NSA from spying on your brain waves. But the outside layer needs to be oriented shiny-side out, to prevent the NSA from feeding your brain with undesired signals. The two layers need to be well insulated against each other --- it's obvious that a short-circuit between them will leave you completely vulnerable... Wouldn't this allow the hat to function as a capacitor? What happens with it builds up a sufficient charge to pop? As long as you're at it, use lead foil and paper towels soaked with vinegar or lemon juice. That will make it a battery and you can use it to keep your cell phone charged, so they satellites can more easily track you. :-) -- -- Steve -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
On 09/07/2013 03:35 AM, Fred Erickson wrote: On Fri, 06 Sep 2013 12:05:12 -0500 Steven Stern subscribed-li...@sterndata.com wrote: On 09/06/2013 11:18 AM, Marko Vojinovic wrote: As for the tinfoil hat, it needs two layers --- the inside layer needs to be orientend shiny-side in, which would prevent the NSA from spying on your brain waves. But the outside layer needs to be oriented shiny-side out, to prevent the NSA from feeding your brain with undesired signals. The two layers need to be well insulated against each other --- it's obvious that a short-circuit between them will leave you completely vulnerable... Wouldn't this allow the hat to function as a capacitor? What happens with it builds up a sufficient charge to pop? As long as you're at it, use lead foil and paper towels soaked with vinegar or lemon juice. That will make it a battery and you can use it to keep your cell phone charged, so they satellites can more easily track you. :-) I love it, this thread is starting to contain some useful information. :) Objection on the grounds of misinformation Quite some time ago I asked for info on how to cut out overhead power line static from the bus radio when driving along country roads and got pretty much the same foil response. Tried the hat, suddenly saw the whole universe to molecular level. You can no longer fool me! I even wrapped the whole school bus in 2 layers of insulated foil but it did not work because I could not completely ground the inner layer of foil and the earth peg pulled out of the ground while driving. Steer clear of this one! Roger -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
On 09/06/2013 12:35 PM, Fred Erickson wrote: I love it, this thread is starting to contain some useful information. :) yeah. like what is fud. :=D and that is not a question. i mean their opinion about what is fud. ;=) -- peace out. in a world with out fences, who needs gates. sl6.3 linux tc.hago. g . -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
On 09/06/2013 06:06 PM, Roger wrote: You can no longer fool me! I even wrapped the whole school bus in 2 layers of insulated foil but it did not work because I could not completely ground the inner layer of foil and the earth peg pulled out of the ground while driving. you needed to have dragged a heavy chain like gasoline delivery tankers did years ago. -- peace out. in a world with out fences, who needs gates. sl6.3 linux tc.hago. g . -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
On 09/07/2013 01:02 PM, g wrote: On 09/06/2013 06:06 PM, Roger wrote: You can no longer fool me! I even wrapped the whole school bus in 2 layers of insulated foil but it did not work because I could not completely ground the inner layer of foil and the earth peg pulled out of the ground while driving. you needed to have dragged a heavy chain like gasoline delivery tankers did years ago. Nay! that dug trenches in the dirt roads and reduced mileage to 2km.ltr. Side benefit though!. The radio antenna gathered static and charged the 2 layers like a capacitor...kids never touched the windows again, sat like angels, hands on laps, spikey hair did look funny. No grimey kid prints on the windows I was the envy of other bus drivers. Still can't listen to the radio. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
Loved it! :) As for the tinfoil hat, it needs two layers --- the inside layer needs to be orientend shiny-side in, which would prevent the NSA from spying on your brain waves. But the outside layer needs to be oriented shiny-side out, to prevent the NSA from feeding your brain with undesired signals. The two layers need to be well insulated against each other --- it's obvious that a short-circuit between them will leave you completely vulnerable... HTH, :-) Marko -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org -- -- /\_/\ |O O| pepeb...@gmail.com Javier Perez While the night runs toward the day... m m Pepebuho watches from his high perch. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
I tried some of this stuff while in the service and almost got busted! Foil on a 5-ton hut did not work well! Mike D. On 9/6/2013 9:25 PM, Javier Perez wrote: Loved it! :) As for the tinfoil hat, it needs two layers --- the inside layer needs to be orientend shiny-side in, which would prevent the NSA from spying on your brain waves. But the outside layer needs to be oriented shiny-side out, to prevent the NSA from feeding your brain with undesired signals. The two layers need to be well insulated against each other --- it's obvious that a short-circuit between them will leave you completely vulnerable... HTH, :-) Marko -- users mailing list users@lists.fedoraproject.org mailto:users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org -- -- /\_/\ |O O| pepeb...@gmail.com mailto:pepeb...@gmail.com Javier Perez While the night runs toward the day... m m Pepebuho watches from his high perch. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
On 09/06/2013 10:56 PM, Roger wrote: Nay! that dug trenches in the dirt roads and reduced mileage to 2km.ltr. Side benefit though!. The radio antenna gathered static and charged the 2 layers like a capacitor...kids never touched the windows again, sat like angels, hands on laps, spikey hair did look funny. No grimey kid prints on the windows I was the envy of other bus drivers. Still can't listen to the radio. i can relate to antenna static and charges. years back, 1965, i work as a ship's navigator doing off shore shallow water oil survey in Gulf of Mexico. late one evening when we were returning to crew quarters boat, for some reason or other, i decided to climb up on top of bridge. along side of ladder was cable for antenna. while climbing up, i kept getting a stinging on my ear, so i swatted at what i thought were mosquitos. after looking around horizon, i looked up into sky to observe the many stars. that is when i notice St. Elmo's fire off end of antenna. i move over to antenna wire, looked closely and saw a faint but clearly visible blue static around wire. when i descended ladder, staying well clear of antenna wire, i looked down at water and caught glimpses of some fishes with their bio luminescence. another great sight. truly an experience of 3 of the many wonders of nature. -- peace out. in a world with out fences, who needs gates. sl6.3 linux tc.hago. g . -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
On Thu, 5 Sep 2013 15:41:06 -0500, Javier Perez wrote: After reading this, I am turning off SELINUX http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security Until I hear of a thorough code review by a non-USA team of this code, I do not feel safe using it, privacy wise. It's a pity because SELINUX is a good idea. SELinux is not about encryption, though. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/05/2013 04:41 PM, Javier Perez wrote: After reading this, I am turning off SELINUX http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security Until I hear of a thorough code review by a non-USA team of this code, I do not feel safe using it, privacy wise. It's a pity because SELINUX is a good idea. SELinux is a *great* idea. You know what's the best part? It has nothing at all to do with encryption. This article is completely irrelevant to the SELinux discussion. Now, it *could* be relevant to a discussion about openssl, gnutls and Mozilla NSS, but unless you haven't been paying attention, you'll notice that all of those projects (and SELinux) have a very heavy non-US contributor community. This is pretty much a perfect example of the value of open-source: no one is going to be able to sneak something into the upstream code. Please stop spreading FUD and *STOP TURNING OFF SELINUX*. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.14 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlIo8YsACgkQeiVVYja6o6NzxgCgnTMTOZc2Mwu77QCThs3fqy2F C6UAoJlhW6h6yn9H2171fkt5ALQghw+U =+TaE -END PGP SIGNATURE- -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Turning off SELINUX
After reading this, I am turning off SELINUX http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security Until I hear of a thorough code review by a non-USA team of this code, I do not feel safe using it, privacy wise. It's a pity because SELINUX is a good idea. -- -- /\_/\ |O O| pepeb...@gmail.com Javier Perez While the night runs toward the day... m m Pepebuho watches from his high perch. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
I know SELinux is not about encryption, it is about limiting access to the system AFTER a breach has ocurred. (That is my understanding AFAIK, and that is why I think it is a good idea). My beef is given the NSA origin of this software, It could very well have a backdoor to turn itself off under the appropriate circumstances like an NSA-sponsored breach an allow unrestricted access to my system.. I know it is a long shot and a lot of paranoid-think, after all, if I have to depend on SELinux to defend my system from external breaches, I am F*ck up already. Attackers should first have to breach the firewall and then obtain some sort of user access, then trick the system to scalate it to a root access before SELinux comes into play. But again, It is good to know that all links in the chain to being pawned are good and strong before trusting them, and this article certainly throws some mud to whatever contribution NSA has made to any security system. My 2 cents. On Thu, Sep 5, 2013 at 4:14 PM, Michael Schwendt mschwe...@gmail.comwrote: On Thu, 5 Sep 2013 15:41:06 -0500, Javier Perez wrote: After reading this, I am turning off SELINUX http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security Until I hear of a thorough code review by a non-USA team of this code, I do not feel safe using it, privacy wise. It's a pity because SELINUX is a good idea. SELinux is not about encryption, though. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org -- -- /\_/\ |O O| pepeb...@gmail.com Javier Perez While the night runs toward the day... m m Pepebuho watches from his high perch. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
Am 05.09.2013 22:41, schrieb Javier Perez: After reading this, I am turning off SELINUX http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security Until I hear of a thorough code review by a non-USA team of this code, I do not feel safe using it, privacy wise. It's a pity because SELINUX is a good idea and where is the context to SELinux? * prove things * if you can't prove them don't spread FUD http://en.wikipedia.org/wiki/Fear,_uncertainty_and_doubt and yes i am *clearly* aware of privacy and my job is secuirty but if i would follow any unqualified FUD i had to search a job outside the IT signature.asc Description: OpenPGP digital signature -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
On 09/05/2013 01:41 PM, Javier Perez wrote: After reading this, I am turning off SELINUX http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security What, if anything, does this have to do with SELinux? SELinux is all about making sure malicious or badly-written code doesn't damage your machine and has nothing whatsoever to do with encryption. Don't throw the baby out instead of the bathwater. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
Hi On Thu, Sep 5, 2013 at 5:58 PM, Javier Perez wrote: I know SELinux is not about encryption, it is about limiting access to the system AFTER a breach has ocurred. (That is my understanding AFAIK, and that is why I think it is a good idea). My beef is given the NSA origin of this software, It could very well have a backdoor to turn itself off under the appropriate circumstances like an NSA-sponsored breach an allow unrestricted access to my system.. NSA is a *huge* organization with multiple divisions SELinux can prevent breaches as well as mitigate the extend of any breaches depending on the situation but more importantly, it is fully free and open source software and part of the upstream Linux kernel which has been thoroughly reviewed and powered competing Govt agencies including both US and Russian defense. As a side note, running SELinux doesn't prevent say someone monitoring your email or chat unless you are encrypting all of that and even then it might be just a speed bump for NSA. If you want to change what they do, engage in the right political advocacy groups. Rahul -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Turning off SELINUX
Quoting Rahul Sundaram methe...@gmail.com: Hi On Thu, Sep 5, 2013 at 5:58 PM, Javier Perez wrote: I know SELinux is not about encryption, it is about limiting access to the system AFTER a breach has ocurred. (That is my understanding AFAIK, and that is why I think it is a good idea). My beef is given the NSA origin of this software, It could very well have a backdoor to turn itself off under the appropriate circumstances like an NSA-sponsored breach an allow unrestricted access to my system.. NSA is a *huge* organization with multiple divisions SELinux can prevent breaches as well as mitigate the extend of any breaches depending on the situation but more importantly, it is fully free and open source software and part of the upstream Linux kernel which has been thoroughly reviewed and powered competing Govt agencies including both US and Russian defense. As a side note, running SELinux doesn't prevent say someone monitoring your email or chat unless you are encrypting all of that and even then it might be just a speed bump for NSA. If you want to change what they do, engage in the right political advocacy groups. Rahul Not to contradict what Rahul says, which I agree with, you might also want to read this: http://cm.bell-labs.com/who/ken/trust.html Old but still relevant. Dave -- Advertising is the rattling of a stick inside a swill bucket - George Orwell -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
