Re: [DNG] A Devuan kernel?
Quoting Adam Borowski (kilob...@angband.pl):
> I'm talking about kernel not progs, and those don't get issued CVEs.
1. Kernels get CVEs.
2. The lion's share of ext4 security-sensitive bugs have been in
e2fsprogs code.
3. I'm disappointed to have (by implication) politely invited you to support
your claim about 'arbitrary code execution', and not yet heard any.
I'd still be interested, if you can cite any examples.
> There's only so much preaching about "don't blindly mount untrusted
> filesystems" that gets ignored by distros one can do before giving up on the
> issue.
Begging your pardon, Adam, but I think somehow we're miscommunicating,
as this seems unresponsive to what I said. I really wasn't trying to
pick an argument, however.
> > Where I'm pretty sure you are massively exaggerating is by eliding the
> > necessary qualifiers 'in theory' and 'possibly' and claiming observed
> > paths to arbitrary code execution (leveraging privileged routines).
> > There is a gaping hole between 'buffer overflow that someone might
> > eventually figure out how to do bad things with' and 'arbitrary code
> > execution'.
>
> A bug is a bug. Most serious kernel developers don't put much heed into
> whether the problem is exploitable or not, they just fix it. It's only
> security folks that analyze those.
{sigh}
You seem, here, to talk around my critique without addressing it. Oh
well.
> > If we're going to have realistic discussions of security on Dng, it
> > would help to forego 'Bad things are possible, ergo doomsday just
> > happened' rhetoric.
>
> It's about attack types. Breaking the kernel with nothing but network
> access is major news (as opposed to taking over a network daemon first).
> Taking over the daemon is userspace issue thus out of scope for kernel devs,
> although obviously it's interesting for _users_.
Again, you seem to have ignored my point.
> As for physical access exploits, it's pretty much a lost cause. Distros
> automount filesystems from removable media (USB, SD cards, ...), and this
> attack avenue alone is enough.
Speak for yourself, sir. ;-> My Linux systems don't run automounters,
for starters. (I'm sorry to hear about unwise distro installation
defaults, but they aren't _my_ problem.)
> > Concur that USB is a security Typhoid Mary. I would dearly love to see
> > hardware devices enforcing USB class identities on connected devices, so
> > that, say, a USB key drive can claim all it wants to be a USB HID-class
> > device rather than UMS-class, but isn't believed. Short of that, I'm
> > just really careful what hardware I permit.
>
> There's no way to enforce identity: the other side of a connector has no way
> of verifying that.
I think you must have either misunderstood what I said, and/or just
simply aren't addressing it.
A candidate hardware solution might a 'filter adapter' pluggable into a
host USB port and have a switch to select one at a time of the 20
assigned USB classes (of which the most everyday-familiar are HID,
printer, and UMS). Then, you plug the peripheral into the filter
adapter. The latter, if configured to allow only UMS devices, waits
until the peripheral declares as part of USB handshaking its Vendor ID
(VID), Product ID (PID), and serial number (iSerial). These data
suffice for the filter adapter to determine what USB class the
peripheral is claiming to be, and either allows or disallows the USB
information to progress through to the host computer -- depending on how
you habe the USB class switch set. I.e., if the supposed UMS device is
lying and claiming to be a HID one, so it can function as a keyboard,
the filter adapter would deny the connection.
A simpler solution would be for a simpler intermediate USB device to
merely pop up on an LCD display the above claimed device information
offered for handshaking (ideally displaying a more-complete description
from table lookup) and prompt the user 'Accept device 'y/N?' before
enumerating it.
Neither of these is a perfect solution, but is a whole lot better than
just plugging in a device and trusting it to Do the Right Thing.
I follow Schneier's blog (and similar outlets such as RISKS Digest) only
occasionally, but I could swear that there have been some innovative
products at least as prototypes mentioned in such places from time to
time.
I'm not a hardware designer, so I am certainly not, in the above
paragraphs, claiming to have a workable plan let alone a tested one.
I'm just suggesting the sorts of things that could be attempted, to
improve over the 'plug it in and trust it' model. And, even if I
haven't seen the _exact_ techniques I outline, I'm reasonably certain
I've seen competent plans to do similar things using hardware solutions.
> > Attacks relying on USB devices masquerading as a different class come up
> > fairly often on Schneier's blog, e.g.,
> > https://www.schneier.com/blog/archives/2011/06/yet_another_peo.html
>
> None of the devices in the article
Re: [DNG] A Devuan kernel?
On Wed, 18 Jul at 2018 05:02:06 +0200 Alessandro Selli wrote: > On Wed, 18 Jul 2018 at 03:21:14 +0200 > Adam Borowski wrote: > >> On Tue, Jul 17, 2018 at 05:24:11PM -0700, Rick Moen wrote: >>> Quoting Adam Borowski (kilob...@angband.pl): >>> Then there are local exploits. Ted Ts'o for example keeps fuzzying ext4 for years yet exploitable bugs still pop up frequently -- usually just DoS but arbitrary code execution isn't unheard of. >>> >>> I've read a lot of e2fsprogs CVEs, and cannot recall any ever having >>> been _proved exploitable_ to allow arbitrary code execution. In a >>> number of cases, there have been bugs, generally buffer overflows, that >>> in theory could _possibly_ lead to arbitrary code execution that in >>> theory might exploit privileged code such as e2fsprogs mount code, thus >>> in theory possibly supporting privilege escalation. >> >> I'm talking about kernel not progs, and those don't get issued CVEs. > > A 5 secs search for "linux kernel CVE" disagrees with you: > https://www.cvedetails.com/product/47/Linux-Linux-Kernel.html?vendor_id=33 > > Why on Earth would ever a kernel vulnerability not be issued a CVE? All right, on second reading I think I misunderstood you: you mean e2fsprogs do not get CVEs. Well, it's still wrong, a 5 secs search for "linux e2fsprogs CVE" disagrees with you: https://www.suse.com/security/cve/CVE-2015-1572/ "Description Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty." Regards, Alessandro ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Wed, 18 Jul 2018 at 03:21:14 +0200 Adam Borowski wrote: > On Tue, Jul 17, 2018 at 05:24:11PM -0700, Rick Moen wrote: >> Quoting Adam Borowski (kilob...@angband.pl): >> >>> Then there are local exploits. Ted Ts'o for example keeps fuzzying >>> ext4 for years yet exploitable bugs still pop up frequently -- usually >>> just DoS but arbitrary code execution isn't unheard of. >> >> I've read a lot of e2fsprogs CVEs, and cannot recall any ever having >> been _proved exploitable_ to allow arbitrary code execution. In a >> number of cases, there have been bugs, generally buffer overflows, that >> in theory could _possibly_ lead to arbitrary code execution that in >> theory might exploit privileged code such as e2fsprogs mount code, thus >> in theory possibly supporting privilege escalation. > > I'm talking about kernel not progs, and those don't get issued CVEs. A 5 secs search for "linux kernel CVE" disagrees with you: https://www.cvedetails.com/product/47/Linux-Linux-Kernel.html?vendor_id=33 Why on Earth would ever a kernel vulnerability not be issued a CVE? > There's only so much preaching about "don't blindly mount untrusted > filesystems" that gets ignored by distros one can do before giving up on the > issue. What do user's securitity malpractises have to do with kernel backdoors? >> Where I'm pretty sure you are massively exaggerating is by eliding the >> necessary qualifiers 'in theory' and 'possibly' and claiming observed >> paths to arbitrary code execution (leveraging privileged routines). >> There is a gaping hole between 'buffer overflow that someone might >> eventually figure out how to do bad things with' and 'arbitrary code >> execution'. > > A bug is a bug. And it's not a backdoors. > Most serious kernel developers don't put much heed into > whether the problem is exploitable or not, they just fix it. It's only > security folks that analyze those. Right. Hoever, how does this address Rick's observations? >> If we're going to have realistic discussions of security on Dng, it >> would help to forego 'Bad things are possible, ergo doomsday just >> happened' rhetoric. > > It's about attack types. Breaking the kernel with nothing but network > access is major news (as opposed to taking over a network daemon first). > Taking over the daemon is userspace issue thus out of scope for kernel devs, > although obviously it's interesting for _users_. Yawnn... > As for local exploits, I find it very likely that three-letter-agencies of > all major countries do have some kind of ring 0 exploit, the attack surface > is big enough. More off-topic babbling. > As for physical access exploits, it's pretty much a lost cause. Distros > automount filesystems from removable media (USB, SD cards, ...), and this > attack avenue alone is enough. I read filesystem-related mailing lists > enough to know there's no way there's not a single arbitrary code execution > bug _somewhere_, in addition to many many many mere crashers. Thus, that > locked laptop is easy pickings. As before. >> Concur that USB is a security Typhoid Mary. I would dearly love to see >> hardware devices enforcing USB class identities on connected devices, so >> that, say, a USB key drive can claim all it wants to be a USB HID-class >> device rather than UMS-class, but isn't believed. Short of that, I'm >> just really careful what hardware I permit. > > There's no way to enforce identity: the other side of a connector has no way > of verifying that. OK. How could thst become a backdoor, please? A *kernel* backdoor? > On the other hand, letting userspace block any new devices of a certain > class would fix this particular attack: even for distros that insist on > automounting stuff without asking, it's pointless to do so while locked. > The only types that make sense are: 1. pure chargers, 2. HID (so you can > unlock even if your keyboard got dislodged). Any extra capabilities of the > link partner can be queried only after unlocking. > > That's for laptop/phone-type machines, a server might have a different > policy. Does the subject line read "A Devuan kernel?" or does it read "An all-round security audit of Devuan?" >> Attacks relying on USB devices masquerading as a different class come up >> fairly often on Schneier's blog, e.g., >> https://www.schneier.com/blog/archives/2011/06/yet_another_peo.html > > None of the devices in the article fake their class. Blocking automount > wouldn't also help here: no matter if you have automount, click-to-mount or > root only mount, cases when an user connects an USB stick but doesn't > immediately follow with mounting it are extremely, extremely rare. I suppose you don't run Linux out of security concerns, do you? Alessandro ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Wed, 18 Jul 2018 at 00:33:45 +0200 Adam Borowski wrote: > On Tue, Jul 17, 2018 at 11:21:15PM +0200, Alessandro Selli wrote: >> My point is that the chances there is a backdoor in the Linux kernel >> are about as high as the chances tomorrow an alien ship abducts the >> world's leaders to take them captive to another solar system > > Actually, it's pretty likely some odd driver has a limited backdoor (aka an > intentional exploitable bug), $ test backdoor = bug && echo "The NSA's got us!" || echo Bullshit Bullshit $ > and 99.999% chance there's a number of > unintentional bugs the NSA, GRU and so on know of but don't let the public > know, saving them for high-value targets. Ok. How many were there that were ever exploited? > Then there are local exploits. Why do you keep shifting the topic? [...] > Same for other USB subsystems. All it takes is a device on the other end of > the USB cable to identify itself as a 1997 Mattel Sidewinder joystick or > such, whose driver has slightly inadequate input validation, to exploit a > locked machine. > > Or so on, so on... No one ever claimed Linux to be bullet-proof in all circumstances. Linus knows that, Kroah-Hartman knows that and so on, so on... What is being refuted is the claim that someone might have intentionally inserted a backdoor into the Linux kernel code and nobody else noticed. That's 99.999% unlikely. There are easier ways to compromise a Linux box, e.g. via the hardware and related sw (firmware, ME etc.) >> that there's no way we, or any single minor distro devs, could make the >> kernel any more secure than it currently is and that trying to do it would >> drain a huge amount of resources > > Minor distributions should follow the rule: > "Do one thing and do it well." > > Choosing secure defaults is in scope, but searching for backdoors is not. It depends. Auditing /sbin/init could be done. It's small, it does few things and it seldom changes. Just the opposite of the kernel. Alessandro ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Tue, Jul 17, 2018 at 05:24:11PM -0700, Rick Moen wrote: > Quoting Adam Borowski (kilob...@angband.pl): > > > Then there are local exploits. Ted Ts'o for example keeps fuzzying ext4 for > > years yet exploitable bugs still pop up frequently -- usually just DoS but > > arbitrary code execution isn't unheard of. > > I've read a lot of e2fsprogs CVEs, and cannot recall any ever having > been _proved exploitable_ to allow arbitrary code execution. In a > number of cases, there have been bugs, generally buffer overflows, that > in theory could _possibly_ lead to arbitrary code execution that in > theory might exploit privileged code such as e2fsprogs mount code, thus > in theory possibly supporting privilege escalation. I'm talking about kernel not progs, and those don't get issued CVEs. There's only so much preaching about "don't blindly mount untrusted filesystems" that gets ignored by distros one can do before giving up on the issue. > Where I'm pretty sure you are massively exaggerating is by eliding the > necessary qualifiers 'in theory' and 'possibly' and claiming observed > paths to arbitrary code execution (leveraging privileged routines). > There is a gaping hole between 'buffer overflow that someone might > eventually figure out how to do bad things with' and 'arbitrary code > execution'. A bug is a bug. Most serious kernel developers don't put much heed into whether the problem is exploitable or not, they just fix it. It's only security folks that analyze those. > If we're going to have realistic discussions of security on Dng, it > would help to forego 'Bad things are possible, ergo doomsday just > happened' rhetoric. It's about attack types. Breaking the kernel with nothing but network access is major news (as opposed to taking over a network daemon first). Taking over the daemon is userspace issue thus out of scope for kernel devs, although obviously it's interesting for _users_. As for local exploits, I find it very likely that three-letter-agencies of all major countries do have some kind of ring 0 exploit, the attack surface is big enough. As for physical access exploits, it's pretty much a lost cause. Distros automount filesystems from removable media (USB, SD cards, ...), and this attack avenue alone is enough. I read filesystem-related mailing lists enough to know there's no way there's not a single arbitrary code execution bug _somewhere_, in addition to many many many mere crashers. Thus, that locked laptop is easy pickings. > Concur that USB is a security Typhoid Mary. I would dearly love to see > hardware devices enforcing USB class identities on connected devices, so > that, say, a USB key drive can claim all it wants to be a USB HID-class > device rather than UMS-class, but isn't believed. Short of that, I'm > just really careful what hardware I permit. There's no way to enforce identity: the other side of a connector has no way of verifying that. On the other hand, letting userspace block any new devices of a certain class would fix this particular attack: even for distros that insist on automounting stuff without asking, it's pointless to do so while locked. The only types that make sense are: 1. pure chargers, 2. HID (so you can unlock even if your keyboard got dislodged). Any extra capabilities of the link partner can be queried only after unlocking. That's for laptop/phone-type machines, a server might have a different policy. > Attacks relying on USB devices masquerading as a different class come up > fairly often on Schneier's blog, e.g., > https://www.schneier.com/blog/archives/2011/06/yet_another_peo.html None of the devices in the article fake their class. Blocking automount wouldn't also help here: no matter if you have automount, click-to-mount or root only mount, cases when an user connects an USB stick but doesn't immediately follow with mounting it are extremely, extremely rare. Meow! -- // If you believe in so-called "intellectual property", please immediately // cease using counterfeit alphabets. Instead, contact the nearest temple // of Amon, whose priests will provide you with scribal services for all // your writing needs, for Reasonable And Non-Discriminatory prices. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
Quoting Adam Borowski (kilob...@angband.pl): > Then there are local exploits. Ted Ts'o for example keeps fuzzying ext4 for > years yet exploitable bugs still pop up frequently -- usually just DoS but > arbitrary code execution isn't unheard of. I've read a lot of e2fsprogs CVEs, and cannot recall any ever having been _proved exploitable_ to allow arbitrary code execution. In a number of cases, there have been bugs, generally buffer overflows, that in theory could _possibly_ lead to arbitrary code execution that in theory might exploit privileged code such as e2fsprogs mount code, thus in theory possibly supporting privilege escalation. Where I'm pretty sure you are massively exaggerating is by eliding the necessary qualifiers 'in theory' and 'possibly' and claiming observed paths to arbitrary code execution (leveraging privileged routines). There is a gaping hole between 'buffer overflow that someone might eventually figure out how to do bad things with' and 'arbitrary code execution'. If we're going to have realistic discussions of security on Dng, it would help to forego 'Bad things are possible, ergo doomsday just happened' rhetoric. Concur that USB is a security Typhoid Mary. I would dearly love to see hardware devices enforcing USB class identities on connected devices, so that, say, a USB key drive can claim all it wants to be a USB HID-class device rather than UMS-class, but isn't believed. Short of that, I'm just really careful what hardware I permit. Attacks relying on USB devices masquerading as a different class come up fairly often on Schneier's blog, e.g., https://www.schneier.com/blog/archives/2011/06/yet_another_peo.html -- Cheers, "I am a member of a civilization (IAAMOAC). Step back Rick Moenfrom anger. Study how awful our ancestors had it, yet r...@linuxmafia.com they struggled to get you here. Repay them by appreciating McQ! (4x80) the civilization you inherited." -- David Brin ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Tue, Jul 17, 2018 at 11:21:15PM +0200, Alessandro Selli wrote: > My point is that the chances there is a backdoor in the Linux kernel > are about as high as the chances tomorrow an alien ship abducts the world's > leaders to take them captive to another solar system Actually, it's pretty likely some odd driver has a limited backdoor (aka an intentional exploitable bug), and 99.999% chance there's a number of unintentional bugs the NSA, GRU and so on know of but don't let the public know, saving them for high-value targets. Then there are local exploits. Ted Ts'o for example keeps fuzzying ext4 for years yet exploitable bugs still pop up frequently -- usually just DoS but arbitrary code execution isn't unheard of. That's a simple filesystem -- on the other hand, we got plenty of ridiculously complex filesystems as well. And ones like qnx4/qnx6 that have been effectively unmaintained for years, yet have modules enabled in distro kernels (including ours), probed whenever someone inserts a removable filesystem. Current desktop environments do so even when the screen is locked. Same for other USB subsystems. All it takes is a device on the other end of the USB cable to identify itself as a 1997 Mattel Sidewinder joystick or such, whose driver has slightly inadequate input validation, to exploit a locked machine. Or so on, so on... > that there's no way we, or any single minor distro devs, could make the > kernel any more secure than it currently is and that trying to do it would > drain a huge amount of resources Minor distributions should follow the rule: "Do one thing and do it well." Choosing secure defaults is in scope, but searching for backdoors is not. This is upstreamish work, thus it's not a distro thing. For free software to work, any capable developer should cooperate, but you do such audits without the distro hat on. Meow! -- // If you believe in so-called "intellectual property", please immediately // cease using counterfeit alphabets. Instead, contact the nearest temple // of Amon, whose priests will provide you with scribal services for all // your writing needs, for Reasonable And Non-Discriminatory prices. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Tue, 17 Jul 2018 at 12:26:29 -0500 Эльбрус Кондратьев wrote: > Many people around forgets that the mission of the US National Security > Agency encompasses to 'stay on top' of everything they consider > themselves 'exceptional' and above the rule of law. It's their job to > intervene, hack and control everything their adversaries may employ. > > Their intentions do not constitute a 'possibility': they get paid for > hacking. > > Too many positions here result akin to state: We're not placing security > on the door because we have not seen the criminals coming in, although > we know they want and get paid to do it. No one ever doubted that. The NSA is just one of the several parties with very serious intentions about knowing and even controlling everything that happens or transits on the Internet (and with the means to do it almost pervasively). However the issue that was being debated was the presence of a backdoor in the Linux kernel Debian package, source code included, and the feasability of forking it for the sake of security. My point is that the chances there is a backdoor in the Linux kernel are about as high as the chances tomorrow an alien ship abducts the world's leaders to take them captive to another solar system(*), that there's no way we, or any single minor distro devs, could make the kernel any more secure than it currently is and that trying to do it would drain a huge amount of resources. Resources that'd be much better used in other critical fields, including securing the OS on the several other fronts that are IMO much more susceptible of having SW defects, that they are accidental of designed by purpose. *) Sometimes I do wish I was proved wrong. I'll let you guess which way do I wish I was proved wrong. Alessandro ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Tue, 2018-07-17 at 10:01 -0700, spiralofhope wrote: > On Mon, 09 Jul 2018 11:53:17 +0200 > Martin Steigerwald wrote: > > > This discussion seems bordering on conspiracy theories. Those claim > > that something might be true and sow fear, uncertainty and doubt. > > I consider it a god of the gaps argument. There are blind spots in the > many eyes, and there could always be a lurking issue in one of them. > There could be, but possibility does not mean inevitability. Many people around forgets that the mission of the US National Security Agency encompasses to 'stay on top' of everything they consider themselves 'exceptional' and above the rule of law. It's their job to intervene, hack and control everything their adversaries may employ. Their intentions do not constitute a 'possibility': they get paid for hacking. Too many positions here result akin to state: We're not placing security on the door because we have not seen the criminals coming in, although we know they want and get paid to do it. Regards ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Tuesday 17 July 2018 at 19:20:08, goli...@dyne.org wrote: > On 2018-07-17 12:04, spiralofhope wrote: > > On Tue, 10 Jul 2018 01:52:53 +0200 Alessandro Selli wrote: > > > On Mon, 9 Jul 2018 at 15:16:27 -0400 Steve Litt wrote: > > > > > > > Jimmy, you've just won a free procmail trip to /dev/null on my > > > > computer. > > > > > > > Isn't this a stylish way to put it? :-) > > > > aka "plonk". > > > > For anyone young: > > https://en.wikipedia.org/wiki/Plonk_%28Usenet%29 > > > > ___ > > FYI . . . conclusions based on age do not fly well here. ;) Maybe, in place of "young" above, try "inexperienced in the ways of the Internet" :) ? Old ideas are not _always_ the best, but they shouldn't be dismissed simply *because* they are old... Antony. -- It is also possible that putting the birds in a laboratory setting inadvertently renders them relatively incompetent. - Daniel C Dennett Please reply to the list; please *don't* CC me. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Tue, 17 Jul 2018 12:20:08 -0500 goli...@dyne.org wrote: > On 2018-07-17 12:04, spiralofhope wrote: > > On Tue, 10 Jul 2018 01:52:53 +0200 > > Alessandro Selli wrote: > > > >> On Mon, 9 Jul 2018 at 15:16:27 -0400 > >> Steve Litt wrote: > >> > >> > Jimmy, you've just won a free procmail trip to /dev/null on my > >> > computer. > >> > >> Isn't this a stylish way to put it? :-) > > > > aka "plonk". > > > > For anyone young: > > > > https://en.wikipedia.org/wiki/Plonk_%28Usenet%29 > > ___ > > FYI . . . conclusions based on age do not fly well here. ;) > > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng 'plonk' is an actual English word (well it is where I come from), as in 'just plonk it down there' ;-) Rowland ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On 2018-07-17 12:04, spiralofhope wrote: On Tue, 10 Jul 2018 01:52:53 +0200 Alessandro Selli wrote: On Mon, 9 Jul 2018 at 15:16:27 -0400 Steve Litt wrote: > Jimmy, you've just won a free procmail trip to /dev/null on my > computer. Isn't this a stylish way to put it? :-) aka "plonk". For anyone young: https://en.wikipedia.org/wiki/Plonk_%28Usenet%29 ___ FYI . . . conclusions based on age do not fly well here. ;) ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Tue, 10 Jul 2018 01:52:53 +0200 Alessandro Selli wrote: > On Mon, 9 Jul 2018 at 15:16:27 -0400 > Steve Litt wrote: > > > Jimmy, you've just won a free procmail trip to /dev/null on my > > computer. > > Isn't this a stylish way to put it? :-) aka "plonk". For anyone young: https://en.wikipedia.org/wiki/Plonk_%28Usenet%29 ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Mon, 09 Jul 2018 11:53:17 +0200 Martin Steigerwald wrote: > This discussion seems bordering on conspiracy theories. Those claim > that something might be true and sow fear, uncertainty and doubt. I consider it a god of the gaps argument. There are blind spots in the many eyes, and there could always be a lurking issue in one of them. There could be, but possibility does not mean inevitability. The argument becomes one of probability and one's opinions on threat acting like a parallel to spirituality. I suppose a basic notion is "be unsurprised when bugs arise".. perhaps something like deism. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
* Also worth noting this quote at the bottom of TFA: "Oh, Christ. It was obviously a joke, no government agency has ever asked me for a backdoor in Linux," Torvalds told Mashable via email. * Apologies for top posting with crappy mobile app On July 9, 2018 11:41:10 PM CDT, KatolaZ wrote: :: ::https://thehackernews.com/2013/09/us-government-asked-linus-torvalds-to.html ::https://falkvinge.net/2013/11/17/nsa-asked-linus-torvalds-to-install-backdoors-into-gnulinux/ :: ::which refer to the famous interview at LinuxCon 2013, and have nothing ::to do with the *existence* of an NSA backdoor in the Linux kernel, ::rather with the fact that the NSA had put pressure on Linus to put ::such a backdoor there. :: -- Sent from a Mobile device. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Tue, Jul 10, 2018 at 05:02:52AM +0200, arne wrote: [cut] > > Hi, > > I don't remind which kernel. > but is was in the press for sure: > USA authorities were given a backdoor > in the kernel. > Could have been 2.6 > For security, fighting criminals whats however. > > There was absolutely no resistance in those days. > Not any. > Again, how difficult is it to find links to concrete references that can substantiate your claims? Not difficult at all, especially since the relevant links (search for "linux kernel backdoor" anywhere, there are literally hundreds): https://www.securityfocus.com/news/7388 https://freedom-to-tinker.com/2013/10/09/the-linux-backdoor-attempt-of-2003/ confirm instead that there *was* immediate resistance, and that the alleged "backdoor" (which many in the kernel development team concluded was probably just a silly bug), was discovered shortly after the patch was submitted, and never stood a chance to enter a released kernel: https://lwn.net/Articles/57135/ All those links (and many other ones on that story) confirm what many of us have been saying so far, which is perfectly summarised by the first comment to the last article above: "What I think stands out the most was not that the CVS gateway was hacked and questionable code inserted -- it was the speed and cooperation that allowed it to be quickly detected, removed and preventive measures taken to make it more difficult for such a compromise to take place. This is an EXCELLENT example of one of the strengths of Open Source Development -- hundreds of eyes looking at the same thing." Unless you are talking about another "Linux kernel backdoor" story that was widely covered by the press in 2013, and then carefully and completely removed from the Internet by the US government? Oh look, they did a very bad job: I managed to find two links (among mane other ones): https://thehackernews.com/2013/09/us-government-asked-linus-torvalds-to.html https://falkvinge.net/2013/11/17/nsa-asked-linus-torvalds-to-install-backdoors-into-gnulinux/ which refer to the famous interview at LinuxCon 2013, and have nothing to do with the *existence* of an NSA backdoor in the Linux kernel, rather with the fact that the NSA had put pressure on Linus to put such a backdoor there. Being a "veteran" has never been a sufficient excuse from the obligation to support your claims with actual facts. This is not a religion, and there has never been anything like a revealed gospel in the free software community[1]. HND KatolaZ [1] The only exception being that Emacs is the Only True and Holy Editor, and that ViViVi is the number of The Beast, as revealed by the venerable St. IGNUcius during his peregrinations around the world... :P -- [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ] [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ] [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ] [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ] [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ] signature.asc Description: PGP signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Tue, 10 Jul 2018 05:17:07 +0200 arne wrote: > > I think Devuan devs have more important things to do that looking > > for a pin in a haystack. > > > > > Alessandro > > I totally agree. > > Hard to find that pin. Errr, try opening your eyes. Since the floppies came out, there have been incredible improvements in the detection of "pins" whether pins be "backdoors" or "do sharks swim in these waters", or which town pumps the most illegal drugs. Now, if your really looking for pins containing iron, magnets from old hard disks shouldn't be too hard to procure. > And once found how to get rid of it? For most people, you post your concerns to a/multiple, relevant list(s)/forum. > > Will authorities allow the removal? There is nothing they can do to prevent it. What part oF OSS do you not understand? Part of my archiving of "linux" includes collected multiple copies of various source over various releases. So the cat is well and truely out of the bag. > > Think not. Oh, you're stuck in the Microsoft/Google mind trap. since I got the floppies, I've been avoiding those and similar. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel? Foreign countries began to develop their own kernels
On Fri, 6 Jul 2018 10:52:20 -0700 Jimmy Johnson wrote: > Good sources tell me we need our own kernel, do we have one? > Thanks. > > > This last week I've been testing Slackware and I see Patrick is > dealing with systemd too, Slackware 14.2 is on what seems to be a > ASCII system, except ASCII seems to be just a little bit more sable > in audio and video. I have Slack running on three computers and I got > my Canon printer working too. :) Of course Devuan Jessie is my go to > Linux distro, the easiest to work with and audio/video is most stable > of all. Hi, I don't remind which kernel. but is was in the press for sure: USA authorities were given a backdoor in the kernel. Could have been 2.6 For security, fighting criminals whats however. There was absolutely no resistance in those days. Not any. Foreign countries began to develop their own kernels. In those days I was into floppy distro's on old kernels so did not bother very much. But I remember it well. Yes I am a veteran in Linux stuff, into floppy distros like trinux (cloud computing avant la lettre) John ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Tue, 10 Jul 2018 05:02:52 +0200, arne wrote in message <20180710050252.3494d2af@fx4100>: > On Mon, 9 Jul 2018 11:03:11 +0200 > KatolaZ wrote: > > > On Sun, Jul 08, 2018 at 11:52:41PM +0200, aitor_czr wrote: > > > Hi again, > > > > > > El 08/07/18 a las 23:49, info at smallinnovations dot nl > > > escribió: > > > > I am not a kernel guy so maybe i am asking a stupid question; > > > > but what other parts besides the official kernel from kernel.org > > > > would you install? Or leave out? > > > > > > I would leave out binary blobs :) > > > > > > > The Debian kernel already comes stripped of any binary blob, at > > least since Squeeze was testing (i.e., since about 2009). Binary > > firmware packages have been available in the non-free component > > since them. If you don't install any of those non-free packages, > > your kernel is equivalent to the one provided by LinuxLibre, the > > only difference being that you can still load binary blobs if you > > wish so (while that is forbidden in the kernels released by > > LinuxLibre). > > > > What are we talking about, exactly? > > > > HND > > > > KatolaZ > > > > Hi, > > I don't remind which kernel. > but is was in the press for sure: > USA authorities were given a backdoor > in the kernel. > Could have been 2.6 > For security, fighting criminals whats however. > > There was absolutely no resistance in those days. > Not any. > > Foreign countries began to develop their own kernels. > > In those days I was into floppy distro's on old kernels so did not > bother very much. > But I remember it well. > > Yes I am a veteran in Linux stuff, into floppy distros like trinux > (cloud computing avant la lettre) > > John ...Hughes? -- ..med vennlig hilsen = with Kind Regards from Arnt Karlsen ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Mon, 9 Jul 2018 11:03:11 +0200 KatolaZ wrote: > On Sun, Jul 08, 2018 at 11:52:41PM +0200, aitor_czr wrote: > > Hi again, > > > > El 08/07/18 a las 23:49, info at smallinnovations dot nl escribió: > > > I am not a kernel guy so maybe i am asking a stupid question; but > > > what other parts besides the official kernel from kernel.org > > > would you install? Or leave out? > > > > I would leave out binary blobs :) > > > > The Debian kernel already comes stripped of any binary blob, at least > since Squeeze was testing (i.e., since about 2009). Binary firmware > packages have been available in the non-free component since them. If > you don't install any of those non-free packages, your kernel is > equivalent to the one provided by LinuxLibre, the only difference > being that you can still load binary blobs if you wish so (while that > is forbidden in the kernels released by LinuxLibre). > > What are we talking about, exactly? > > HND > > KatolaZ > Hi, I don't remind which kernel. but is was in the press for sure: USA authorities were given a backdoor in the kernel. Could have been 2.6 For security, fighting criminals whats however. There was absolutely no resistance in those days. Not any. Foreign countries began to develop their own kernels. In those days I was into floppy distro's on old kernels so did not bother very much. But I remember it well. Yes I am a veteran in Linux stuff, into floppy distros like trinux (cloud computing avant la lettre) John ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Mon, 9 Jul 2018 at 16:15:20 +0200 Antony Stone wrote: [...] Oh my, who are these guys? Received: from pikantus.localnet (cable-78-34-34-47.netcologne.de [78.34.34.47]) by formal.dehy.de (8.14.3/8.14.3/Debian-5+lenny1) with ESMTP id w69EFPKD030503 https://www.debian.org/News/2012/20120209 Security Support for Debian 5.0 terminated February 9th, 2012 Security Support for Debian GNU/Linux 5.0 terminated on February 6th Alessandro ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Mon, 9 Jul 2018 at 20:47:01 +0200 marc wrote: > Hello Jimmy > > > Today Linux is pretty much owned by the NSA, including it's developers, > > not many educated eyes out there anymore to spot and report malware. > > Things have changed. > > So there is a nice poster around with a grumpy cat saying > "The NSA broke my internet, so I am building a GNU one". I > understand the sentiment. > > However: Loads of eyes are looking at the kernel, and if > I were to trust my intuition, I'd say that the back doors > are more likely (or more numerous) in the processor, > its microcode, the graphics card firmware and the ACPI > nonsense. > > So: Coding a new kernel is probably one of the more expensive > security exercises. Rebuilding from source is cheap, but it > is unclear if it would remove the backdoors (keywords "On > trusting trust", duckduckgo them, yandex it). > > However: The big security improvement you - Jimmy Johnson > aka field.engin...@gmail.com can make without requiring any > special skills is to stop using gmail. > > Google has pioneered many of the major privacy abuses: > > - the overt scanning of people's mail via gmail > - the gathering of access point data via its streetview cars >(got them into trouble in France, the rest of the world >didn't want to notice) > - its worldwide web tracking effort via google anal itics, >fonts.googleapis, doubleclick.nyet > - the major spyware known as chrome and its associated >corruption of mozilla Plus running the same dirty tricks that in the past M$ played against Netscape/Mozilla/Firefox and Opera to make it's own browser Explorer look better: serving bad web pages based on the requesting client: https://news.slashdot.org/story/18/07/08/2241237/firefox-and-the-4-year-battle-to-have-google-to-treat-it-as-a-first-class-citizen "After years of requests, meetings, and to and fro, it has hit a point where the developers of Firefox are experimenting by manipulating the user agent string in its nightly development builds to trick Google into thinking that Firefox Mobile is a Chrome browser. Not only does Google's search page degrade for Firefox on Android, but some new properties like Google Flights have occasionally taken to outright blocking of the browser." "Do no evil", right? Yeah, sure! Alessandro ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Sun, 8 Jul 2018 at 17:35:01 -0700 Jimmy Johnson wrote: > On 07/07/2018 05:03 AM, Alessandro Selli wrote: >> On Fri, 6 Jul 2018 at 10:52:20 -0700 >> Jimmy Johnson wrote: >> >>> Good sources tell me we need our own kernel, >> >>Why? What's wrong with the available ones? > > > Devuan is there someone that can at lest look at the Debian kernel? I think Devuan devs have more important things to do that looking for a pin in a haystack. Alessandro ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Mon, 9 Jul 2018 at 15:16:27 -0400 Steve Litt wrote: > Jimmy, you've just won a free procmail trip to /dev/null on my > computer. Isn't this a stylish way to put it? :-) Alessandro ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
Jimmy Johnson - 09.07.18, 12:00: > On 07/09/2018 02:53 AM, Martin Steigerwald wrote: > > Hi Katola. > > > > KatolaZ - 09.07.18, 09:51: > >> On Sun, Jul 08, 2018 at 03:52:48PM -0700, Jimmy Johnson wrote: > >>> On 07/08/2018 02:49 PM, info at smallinnovations dot nl wrote: > On 08-07-18 23:32, aitor_czr wrote: > > Hi Jimmy, > > > > El 08/07/18 a las 23:24, Jimmy Johnson escribió: > >> Thoughts? Volunteers? > > > > I also would like to see devuan including its own kernel. I can > > help > > on packaging stuff. > > > > Aitor. > > I am not a kernel guy so maybe i am asking a stupid question; but > what other parts besides the official kernel from kernel.org > would you install? Or leave out? > >>> > >>> I don't think Linus is trying to hide anything, he just can't talk > >>> about a backdoor and will deny a backdoor if you ask him about > >>> one. > >>> > >>> Something I haven't done but maybe a kernel source package can be > >>> opened to expose what is in there? Something way over my head. > >>> Anybody friends with Klaus Knopper? Or has other sources for help? > >>> Maybe someone from Puppy Linux? > >> > >> The only problem with this theory is that Linus has not been the > >> only > >> developer of the Linux kernel at least since September 1991. > >> Nowadays > >> the Linux kernel has thousands of developers. If such a "backdoor" > >> existed, we would know about it, as we knew about the Spectre and > >> Meltdown vulnerabilities. You simply can't silence everybody, even > >> if > >> you are the NSA. > >> > >> Literally anybody can get the sources of the Linux kernel and read > >> through it. So I guess your fears are somehow unjustified... > > > > I agree with that. > > > > This discussion seems bordering on conspiracy theories. Those claim > > that something might be true and sow fear, uncertainty and doubt. > > Some parts of conspiracy theories may turn out to have been true, > > like for example all the spying the NSA and other secret agencies > > are doing. But I see no benefit in fearing something I have seen no > > proof of. > > > > Anyone ever saw any proof that such a backdoor exists within the > > Linux kernel source? I haven´t. > > > > Aside from that, I´d be more vary about the firmware in PCs. The > > closed- source binary blobs almost everyone is using who is using a > > computer these days. > > > > I do not think this discussion is helpful. There may be reasons for > > an own kernel, but IMO this is no reason. > > Martin you are active with both KDE and Debian Development, I would > not expect you to be of much help, so pleas stay out of the way. I wanted to write a longer reply, but there is no point, for as long as you decide that I am or KatolaZ or the Linux kernel are against you. But in case you´d like to check whether I contributed something to a Debian package *specifically* for the aim of Devuan, just check the changelog of the fio package. Beware, there may be facts inside. -- Martin ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Mon, 9 Jul 2018 03:53:01 -0700 Jimmy Johnson wrote: > On 07/09/2018 03:22 AM, KatolaZ wrote: > > I guess we need to calm down a bit here? Martin expressed his > > view. You Jimmy expressed yours, and nobody asked you to get/stay > > out of the way. I presume you should give to the opinions of others > > the same treatment you expect for yours, as a baseline. Or at least > > expect your opinions to be treated with the same respect with which > > you treat those of others... > > > > HND > > > > KatolaZ > > > You've been showing contempt and disrespect for me since my first > post in this group, never helpful. Why do you want to stand in the > way of people in this group looking for malware in this distro? Jimmy, you've just won a free procmail trip to /dev/null on my computer. You've been on the DNG list 3 months as of tomorrow. KatolaZ has been on this list since 1/25/2015 or before, making positive contributions the whole time, and I'm pretty sure he was one of the VUAs that started this revolution, before starting this revolution was cool. And I'm pretty sure KatolaZ and I were emailing each other about systemd replacement as early as 2014. When KatolaZ talks, I listen. SteveT Steve Litt Author: The Key to Everyday Excellence http://www.troubleshooters.com/key Twitter: http://www.twitter.com/stevelitt ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
Quoting KatolaZ (kato...@freaknet.org): > This is not a definitive citation, but looks like a concrete starting > point for a rational discussion: > > https://outflux.net/blog/archives/2016/10/18/security-bug-lifetime/ Kees Cook has always done really good work. > TL;DR: The article shows that only 2 Critical CVEs and 34 High CVEs > were found in the Linux kernel between v.2.6.12 and v.4.9. This covers > about 10 years of kernel development, during which the kernel has > increased its size from about 8M LOC (2006) to about 22M LOC > (2016). It's fair to stress that most of the increase is due to device > drivers though, not to internal kernel components (which have > increased in size, nevertheless). A good point -- and illustrates another point that I observed over years of interpreting CVEs for a living: Just because a piece of code gets installed on your system doesn't mean your system need be configured to use it. At $FIRM, I can't even say how many times a CVE turned out not to apply to our systems upon examination because it relied on exploiting optional code not locally enabled. And of course, unused device drivers would be a case in point. -- Cheers, "I am a member of a civilization (IAAMOAC). Step back Rick Moenfrom anger. Study how awful our ancestors had it, yet r...@linuxmafia.com they struggled to get you here. Repay them by appreciating McQ! (4x80) the civilization you inherited." -- David Brin ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
Hello Jimmy > Today Linux is pretty much owned by the NSA, including it's developers, not > many educated eyes out there anymore to spot and report malware. Things have > changed. So there is a nice poster around with a grumpy cat saying "The NSA broke my internet, so I am building a GNU one". I understand the sentiment. However: Loads of eyes are looking at the kernel, and if I were to trust my intuition, I'd say that the back doors are more likely (or more numerous) in the processor, its microcode, the graphics card firmware and the ACPI nonsense. So: Coding a new kernel is probably one of the more expensive security exercises. Rebuilding from source is cheap, but it is unclear if it would remove the backdoors (keywords "On trusting trust", duckduckgo them, yandex it). However: The big security improvement you - Jimmy Johnson aka field.engin...@gmail.com can make without requiring any special skills is to stop using gmail. Google has pioneered many of the major privacy abuses: - the overt scanning of people's mail via gmail - the gathering of access point data via its streetview cars (got them into trouble in France, the rest of the world didn't want to notice) - its worldwide web tracking effort via google anal itics, fonts.googleapis, doubleclick.nyet - the major spyware known as chrome and its associated corruption of mozilla Summary: Google is probably *the* entity which has moved the Overton window towards the view that spying is socially acceptable. So: I struggle to reconcile your security concerns with your use of gmail. So maybe once you stop using gmail I'll examine your views on the NSAs kernel ownership more seriously Sorry marc ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Mon, 9 Jul 2018 11:06:55 +0200 KatolaZ wrote: > On Mon, Jul 09, 2018 at 06:06:12PM +1000, Andrew McGlashan wrote: > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA256 > > > > > > > > On 09/07/18 17:51, KatolaZ wrote: > > > Literally anybody can get the sources of the Linux kernel and > > > read through it. So I guess your fears are somehow > > > unjustified... > > > > There were long standing problems with openssl -- the source code > > was fully available, anybody could have found the problems, but > > they didn't. > > > > The Linux Kernel is HUGE, the possibility to find something that > > shouldn't be there would not be very easy. Binary blobs remain the > > most "risky" components, but anything else can easily hide in plain > > sigh t. > > > > Yeah, so what should we do? Stop working on Devuan and get a couple of > years off just to check that the kernels provided in the > already-released packages does not have any NSA backdoor? > > o_O > I think you just put things in perspective, KatolaZ. Extrapolating what you just said to users, what should I do? Stop using computers because CIA and NSA? I'd better stop using a phone too. I'd better stop walking downtown, because they have face recognition software downtown. I'd better stop using a credit card and leaving a money trail. You do your best to ensure your privacy, and don't use any technologies that are grossly privacy stupid (Google Home, for instance), encrypt your communications when you can. But if you're going to keep yourself secret from a state sponsored investigative agency who wants to learn about you specifically, you'll have to make a lot of difficult life choices, and basically leave mainstream society. What kernel you use on your desktop or laptop will be the least of your problems. Starting in the late 1970's, I never said anything on the telephone I didn't want the FBI to hear. But I didn't give up using a phone. SteveT Steve Litt Author: The Key to Everyday Excellence http://www.troubleshooters.com/key Twitter: http://www.twitter.com/stevelitt ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Mon, Jul 09, 2018 at 07:59:11AM -0700, Jimmy Johnson wrote: [cut] > > > [PDF]D-Bus in the Kernel - LinuxCon 2014, Tokyo, Japan > > https://events.static.linuxfound.org/sites/events/files/slides/linuxconjapan2014.pdf > > > GitHub - "dbus-like" code for the Linux kernel > https://github.com/gregkh/kdbus > There is no kdbus support in the official Linux kernel. It has been vetoed twice by Linus Torvalds. > OutlawCountry exploit - What this won't tell you is that it was created for > the CIA and first tested in Fedora, was designed to read windows file > servers. they got caught. > https://access.redhat.com/solutions/3099221 > > Today Linux is pretty much owned by the NSA, including it's developers, not > many educated eyes out there anymore to spot and report malware. Things have > changed. > The one you mentioned is not a backdoor in the Linux kernel, rather a vulnerability in a kernel distributed by RedHat, which was not proven to be a backdoor. The vulnerability requires the attacker to be already root in the system. Then, Linux 2.6.32 was available only on Debian Squeeze, which is three releases behind the current Debian and Devuan stable... Do you have anything more concrete, please? > > I can't say I have examined all that stuff in detail, but I think I > > have a very rough idea of what is going on under the hood. And what I > > saw is that the Linux kernel is in general very easy to read and to > > understand. Hence my conclusion: if anything wrong was there, we would > > most probably know already. > > > KatolaZ, I came looking for help. Reading a linux kernel requires knowledge > of software engineering, I don't have that knowledge or experience, even if > I open kernel source I would have no idea what I was looking at. I just > want to know if dbus or any other exploit is in the kernel. And/or can we > have are own kernel? > No Jimmy, you came here crying that Devuan needed to have another kernel because you had heard that unspecified kernel developers had said that there are backdoors put by the NSA in the Linux kernel. And you have not been able to substantiate your statement with any concrete reference. If you think that the two links you reported above are actually supporting your claims, then there is nothing more left to talk about. I don't know and I don't understand a lot of things. And for those many things I don't understand and I don't know, I am left with trusting the judgement of others who understand them better than I do. I find it quite disapponting, but it's the price I have to pay for my own ignorance. HND KatolaZ -- [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ] [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ] [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ] [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ] [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ] signature.asc Description: PGP signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Mon, 9 Jul 2018 07:59:11 -0700 Jimmy Johnson wrote: > KatolaZ, I came looking for help. Reading a linux kernel requires > knowledge of software engineering, I don't have that knowledge or > experience, even if I open kernel source I would have no idea what I > was looking at. I just want to know if dbus or any other exploit is > in the kernel. That wasn't what you asked. > And/or can we have are own kernel? You can have your own kernel. That is the whole point of FOSS. Easiest way is to obtain the source kernel source code and include/exclude the bits you want in it. The caveat is that when it breaks, you are the person responsible for fixing it. As far as dbus goes, read the various posts from people who are working to remove/not use it. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On 09/07/18 15:59, Jimmy Johnson wrote: On 07/09/2018 04:17 AM, KatolaZ wrote: On Mon, Jul 09, 2018 at 04:02:23AM -0700, Jimmy Johnson wrote: On 07/09/2018 03:53 AM, KatolaZ wrote: On Mon, Jul 09, 2018 at 03:42:40AM -0700, Jimmy Johnson wrote: [cut] Well some of those kernel experts are saying you need to check your kernel. Also how you respond to this thread speaks volumes. Please, share some relevant links then, and let us understand what you are talking about. If you keep mentioning unspecified "kernel experts" and what they have allegedly said about the Linux kernel without providing any evidence for your claims, your posts can be easily misinterpreted by a distracted reader as FUD. It's simple, because they can't say any more than Linus can, you are not being helpful and I will now stop replying to your unhelpful post. What you can do is look for malware, do some investigative research, just educate yourself, what I know is out there for all to read. So if those "kernel experts" are not saying more than Linus can say, how comes that you got to know what they haven't dare to say to anybody else? o_O I guess we should all educate ourselves in substantiating our claims with facts, instead of throwing stones at random. I have had the opportunity to read through several parts of the Linux kernel in the past, mostly related to networking, scheduling, and vfs. Once I had to modify the vfs layer to trasparently include symmetric encryption for all the supported FS. I guess it was 2.4 or 2.6. Another time I developed a full soft real-time stack for ad-hoc sensor networking (that was definitely 2.6). I also had the opportunity to develop several custom device drivers, back in the days, and even to do some reverse-engineering on a few "closed" drivers. [PDF]D-Bus in the Kernel - LinuxCon 2014, Tokyo, Japan https://events.static.linuxfound.org/sites/events/files/slides/linuxconjapan2014.pdf GitHub - "dbus-like" code for the Linux kernel https://github.com/gregkh/kdbus OutlawCountry exploit - What this won't tell you is that it was created for the CIA and first tested in Fedora, was designed to read windows file servers. they got caught. https://access.redhat.com/solutions/3099221 Today Linux is pretty much owned by the NSA, including it's developers, not many educated eyes out there anymore to spot and report malware. Things have changed. I can't say I have examined all that stuff in detail, but I think I have a very rough idea of what is going on under the hood. And what I saw is that the Linux kernel is in general very easy to read and to understand. Hence my conclusion: if anything wrong was there, we would most probably know already. KatolaZ, I came looking for help. Reading a linux kernel requires knowledge of software engineering, I don't have that knowledge or experience, even if I open kernel source I would have no idea what I was looking at. I just want to know if dbus or any other exploit is in the kernel. And/or can we have are own kernel? Thanks, What do you mean by 'having our own kernel' ? Read 'Linux From Scratch' and compile your own kernel - or use gentoo. Now if you mean our very own kernel with little or nothing from kernel.org, then no. Not happening. It would be 100 times more work than creating devuan. If backdoors in the linux kernel bother you I suggest your try one of the BSDs. But to what extent is the irascible Theo de Raadt in the pocket of the NSA too? DaveT ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Mon, Jul 09, 2018 at 04:15:20PM +0200, Antony Stone wrote: > On Monday 09 July 2018 at 16:10:02, Alessandro Selli wrote: > > > Actually the Linux kernel is the most scrutinized and secure piece of > > software that's around. > > Interesting claim. > > Citation/s? > This is not a definitive citation, but looks like a concrete starting point for a rational discussion: https://outflux.net/blog/archives/2016/10/18/security-bug-lifetime/ TL;DR: The article shows that only 2 Critical CVEs and 34 High CVEs were found in the Linux kernel between v.2.6.12 and v.4.9. This covers about 10 years of kernel development, during which the kernel has increased its size from about 8M LOC (2006) to about 22M LOC (2016). It's fair to stress that most of the increase is due to device drivers though, not to internal kernel components (which have increased in size, nevertheless). It's true that the average time before a bug is discovered can be quite high (the average is about 5 years), but it's also true that the average time to get it fixed once discovered is in the order of days, if not hours. My2Cents KatolaZ -- [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ] [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ] [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ] [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ] [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ] signature.asc Description: PGP signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On 07/09/2018 04:17 AM, KatolaZ wrote: On Mon, Jul 09, 2018 at 04:02:23AM -0700, Jimmy Johnson wrote: On 07/09/2018 03:53 AM, KatolaZ wrote: On Mon, Jul 09, 2018 at 03:42:40AM -0700, Jimmy Johnson wrote: [cut] Well some of those kernel experts are saying you need to check your kernel. Also how you respond to this thread speaks volumes. Please, share some relevant links then, and let us understand what you are talking about. If you keep mentioning unspecified "kernel experts" and what they have allegedly said about the Linux kernel without providing any evidence for your claims, your posts can be easily misinterpreted by a distracted reader as FUD. It's simple, because they can't say any more than Linus can, you are not being helpful and I will now stop replying to your unhelpful post. What you can do is look for malware, do some investigative research, just educate yourself, what I know is out there for all to read. So if those "kernel experts" are not saying more than Linus can say, how comes that you got to know what they haven't dare to say to anybody else? o_O I guess we should all educate ourselves in substantiating our claims with facts, instead of throwing stones at random. I have had the opportunity to read through several parts of the Linux kernel in the past, mostly related to networking, scheduling, and vfs. Once I had to modify the vfs layer to trasparently include symmetric encryption for all the supported FS. I guess it was 2.4 or 2.6. Another time I developed a full soft real-time stack for ad-hoc sensor networking (that was definitely 2.6). I also had the opportunity to develop several custom device drivers, back in the days, and even to do some reverse-engineering on a few "closed" drivers. [PDF]D-Bus in the Kernel - LinuxCon 2014, Tokyo, Japan https://events.static.linuxfound.org/sites/events/files/slides/linuxconjapan2014.pdf GitHub - "dbus-like" code for the Linux kernel https://github.com/gregkh/kdbus OutlawCountry exploit - What this won't tell you is that it was created for the CIA and first tested in Fedora, was designed to read windows file servers. they got caught. https://access.redhat.com/solutions/3099221 Today Linux is pretty much owned by the NSA, including it's developers, not many educated eyes out there anymore to spot and report malware. Things have changed. I can't say I have examined all that stuff in detail, but I think I have a very rough idea of what is going on under the hood. And what I saw is that the Linux kernel is in general very easy to read and to understand. Hence my conclusion: if anything wrong was there, we would most probably know already. KatolaZ, I came looking for help. Reading a linux kernel requires knowledge of software engineering, I don't have that knowledge or experience, even if I open kernel source I would have no idea what I was looking at. I just want to know if dbus or any other exploit is in the kernel. And/or can we have are own kernel? Thanks, -- Jimmy Johnson Devuan Jessie - KDE 4.14.2 - AMD A8-7600 - EXT4 at sda2 Registered Linux User #380263 ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Mon, 9 Jul 2018 at 16:15:20 +0200 Antony Stone wrote: > On Monday 09 July 2018 at 16:10:02, Alessandro Selli wrote: > >> Actually the Linux kernel is the most scrutinized and secure piece of >> software that's around. > > Interesting claim. > > Citation/s? https://www.linuxfoundation.org/2017-linux-kernel-report-landing-page/ https://storage.pardot.com/6342/188781/Publication_LinuxKernelReport_2017.pdf Version Developers Companies 4.8 1,597 262 4.9 1,729 270 4.101,680 273 4.111,741 268 4.121,821 274 4.131,681 225 "Since the beginning of the git era (the 2.6.11 release in 2005), a total of 15,637 developers have contributed to the Linux kernel; those developers worked for a minimum of 1,513 companies." And this lists only those developers and companies who contributed to the official code; it does not list security auditors or developers/companies who work on custom versions of the kernel. Alessandro ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Mon, 9 Jul 2018 11:03:11 +0200, KatolaZ wrote in message <20180709090311.dfizki4zlq6ru...@katolaz.homeunix.net>: > On Sun, Jul 08, 2018 at 11:52:41PM +0200, aitor_czr wrote: > > Hi again, > > > > El 08/07/18 a las 23:49, info at smallinnovations dot nl escribió: > > > I am not a kernel guy so maybe i am asking a stupid question; but > > > what other parts besides the official kernel from kernel.org > > > would you install? Or leave out? > > > > I would leave out binary blobs :) > > > > The Debian kernel already comes stripped of any binary blob, at least > since Squeeze was testing (i.e., since about 2009). Binary firmware > packages have been available in the non-free component since them. If > you don't install any of those non-free packages, your kernel is > equivalent to the one provided by LinuxLibre, the only difference > being that you can still load binary blobs if you wish so (while that > is forbidden in the kernels released by LinuxLibre). > > What are we talking about, exactly? ..I'd say we'd look for "binary binary poisons", like the binary poisons made by combining 2 or more innocent chemicals to produce e.g. poison nerve gases of the kinds banned in chemical warfare. ..is a _partial_ install of systemd capable of loading such banned binary etc "binary nerve agents?" -- ..med vennlig hilsen = with Kind Regards from Arnt Karlsen ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Monday 09 July 2018 at 16:10:02, Alessandro Selli wrote: > Actually the Linux kernel is the most scrutinized and secure piece of > software that's around. Interesting claim. Citation/s? Antony. -- Don't procrastinate - put it off until tomorrow. Please reply to the list; please *don't* CC me. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Mon, 9 Jul 2018 at 18:06:12 +1000 Andrew McGlashan wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > > > On 09/07/18 17:51, KatolaZ wrote: >> Literally anybody can get the sources of the Linux kernel and read >> through it. So I guess your fears are somehow unjustified... > > There were long standing problems with openssl -- the source code was > fully available, anybody could have found the problems, but they didn't. Yes, there were bugs. Not backdoors. OpenSSL is a project that very hardly compares to the Linux kernel: https://en.wikipedia.org/wiki/OpenSSL "The OpenSSL project management team consists of 8 people, and the entire development group consists of 13 members, out of which 10 are volunteers. There are only three full-time employees." > The Linux Kernel is HUGE, the possibility to find something that > shouldn't be there would not be very easy. However, all the backdoors I know of were found in proprietary software (like Cisco) or in Linux-running comsumer networking appliances operated with the admin default password or left unpatched for years. > Binary blobs remain the > most "risky" components, but anything else can easily hide in plain sigh > t. Actually the Linux kernel is the most scrutinized and secure piece of software that's around. There's no way a few people could make it more secure than it already is by forking it. Alessandro ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Sun, 8 Jul 2018 at 14:24:32 -0700 Jimmy Johnson wrote: > On 07/08/2018 02:25 AM, Antony Stone wrote: > > On Saturday 07 July 2018 at 14:03:33, Alessandro Selli wrote: > > > >> On Fri, 6 Jul 2018 at 10:52:20 -0700 Jimmy Johnson wrote: > >> > >>> Good sources > > > > Who / where? > > > You have to do a lot of reading, the information is out there Where? Please provide with some reference. > going back > to 2012 the main source is wanted by usa The Linux kernel sources have always been free for everybody to download and use the way they seem fit. > and has been given a gag order > by his keepers or will be forced to leave his protected living quarters. Sounds like a childish conspiracy theory to me. tell me we need our own kernel, >>> >>>Why? What's wrong with the available ones? [...] > 'IF' our existing kernel has a > backdoor client in it there is nothing 'I' can do about it, Yes, you can: you can remove it, you can patch the kernel. > but sources say I need to roll my own kernel. Starting from what? A from-scratch rewrite of the kernel? Alessandro ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Mon, 9 Jul 2018, Jimmy Johnson wrote: > On 07/09/2018 03:53 AM, KatolaZ wrote: > > On Mon, Jul 09, 2018 at 03:42:40AM -0700, Jimmy Johnson wrote: > > > > [cut] > > > > > > > > > > > Well some of those kernel experts are saying you need to check your > > > kernel. > > > Also how you respond to this thread speaks volumes. > > > > Please, share some relevant links then, and let us understand what you > > are talking about. > > > > If you keep mentioning unspecified "kernel experts" and what they have > > allegedly said about the Linux kernel without providing any evidence > > for your claims, your posts can be easily misinterpreted by a > > distracted reader as FUD. > > It's simple, because they can't say any more than Linus can, you are not being > helpful and I will now stop replying to your unhelpful post. > > What you can do is look for malware, do some investigative research, just > educate yourself, what I know is out there for all to read. But you heve NEVER provided any links or references to back up your assertions. It is my OPINION that you are a troll. Jim (long time lurker) ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Mon, 9 Jul 2018 13:34:44 +0200 KatolaZ wrote: > On Mon, Jul 09, 2018 at 09:30:48PM +1000, terryc wrote: > > On Mon, 9 Jul 2018 04:09:14 -0700 > > Jimmy Johnson wrote: > > > > > There's a big difference, I'm not the one trying to stop people > > > from taking a interest an their distros security and you are. No > > > more reply's to you unless you show a interest in helping find > > > malware in this distro. > > > > 1: I already know where the malware is; between your ears. > > 2; Pot, kettle, black OR Put up ot shut up. > > > > Again, please: let's keep it civilised, and avoid to get personal. We > are trying to understand more about possible backdoors in the Linux > kernel, and personal attacks won't make the case a single bit more > clear... Naah, do not hold your breath. JJ is never going to deliver. All he delivered was insults and I'm way past following that french guy who said something along the lines "I'll support to my death your right to say what you want". JJ set the bar and received the response he deserved. This list is not the place to receive the support he seems to need in mental health. Now, we can all go back to assisting people with Devuan related problems and uses. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Mon, 9 Jul 2018 13:27:03 +0200 KatolaZ wrote: > On Mon, Jul 09, 2018 at 12:15:27PM +0100, Rowland Penny wrote: > > [cut] > > > > > Jimmy, please either put up or shut up. > > If there are 'backdoors' in the kernel code, tells us where they > > are, if you cannot or will not, just shut up. > > > > Again, please, let's do our best to keep this discussion > civilised. That's the reason I always ask for facts and references, > because opinions can be easily misintepreted, and can quicly drive a > civilised discussion down to a flame :) I thought I was being civilised, if you want, I could post an uncivilised version ;-) > > It would be great to have at least one link to a place where a kernel > developer discusses a possible backdoor in the Linux kernel. That > would set the bar of the discussion to a more concrete level, IMHO. > I thought that was basically what I asked for, information on these 'backdoors' that Jimmy is so worried about, either that or stop posting about something he cannot backup with proof, or as I said 'put up or shut up' Rowland ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Mon, Jul 09, 2018 at 09:30:48PM +1000, terryc wrote: > On Mon, 9 Jul 2018 04:09:14 -0700 > Jimmy Johnson wrote: > > > There's a big difference, I'm not the one trying to stop people from > > taking a interest an their distros security and you are. No more > > reply's to you unless you show a interest in helping find malware in > > this distro. > > 1: I already know where the malware is; between your ears. > 2; Pot, kettle, black OR Put up ot shut up. > Again, please: let's keep it civilised, and avoid to get personal. We are trying to understand more about possible backdoors in the Linux kernel, and personal attacks won't make the case a single bit more clear... Thanks KatolaZ -- [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ] [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ] [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ] [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ] [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ] signature.asc Description: PGP signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Mon, 9 Jul 2018 04:09:14 -0700 Jimmy Johnson wrote: > There's a big difference, I'm not the one trying to stop people from > taking a interest an their distros security and you are. No more > reply's to you unless you show a interest in helping find malware in > this distro. 1: I already know where the malware is; between your ears. 2; Pot, kettle, black OR Put up ot shut up. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Mon, Jul 09, 2018 at 12:15:27PM +0100, Rowland Penny wrote: [cut] > > Jimmy, please either put up or shut up. > If there are 'backdoors' in the kernel code, tells us where they are, > if you cannot or will not, just shut up. > Again, please, let's do our best to keep this discussion civilised. That's the reason I always ask for facts and references, because opinions can be easily misintepreted, and can quicly drive a civilised discussion down to a flame :) It would be great to have at least one link to a place where a kernel developer discusses a possible backdoor in the Linux kernel. That would set the bar of the discussion to a more concrete level, IMHO. My2Cents KatolaZ -- [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ] [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ] [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ] [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ] [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ] signature.asc Description: PGP signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Mon, 9 Jul 2018 04:02:23 -0700 Jimmy Johnson wrote: > On 07/09/2018 03:53 AM, KatolaZ wrote: > > On Mon, Jul 09, 2018 at 03:42:40AM -0700, Jimmy Johnson wrote: > > > > [cut] > > > >> > >> > >> Well some of those kernel experts are saying you need to check > >> your kernel. Also how you respond to this thread speaks volumes. > > > > Please, share some relevant links then, and let us understand what > > you are talking about. > > > > If you keep mentioning unspecified "kernel experts" and what they > > have allegedly said about the Linux kernel without providing any > > evidence for your claims, your posts can be easily misinterpreted > > by a distracted reader as FUD. > > It's simple, because they can't say any more than Linus can, you are > not being helpful and I will now stop replying to your unhelpful post. !: BULLSHIT 2; any chance you can stop spamming the list? > > What you can do is look for malware, do some investigative research, > just educate yourself, what I know is out there for all to read. Hahahaha, mate, you claim equal experience to what I have and yet you display continual stupidity. How long has mummy let you connect to the internet. Hint, its long been an established practice on this here place for the claimant to provide the evidence for their claim. Hint, this is a Linux list. > ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Mon, Jul 09, 2018 at 04:02:23AM -0700, Jimmy Johnson wrote: > On 07/09/2018 03:53 AM, KatolaZ wrote: > > On Mon, Jul 09, 2018 at 03:42:40AM -0700, Jimmy Johnson wrote: > > > > [cut] > > > > > > > > > > > Well some of those kernel experts are saying you need to check your > > > kernel. > > > Also how you respond to this thread speaks volumes. > > > > Please, share some relevant links then, and let us understand what you > > are talking about. > > > > If you keep mentioning unspecified "kernel experts" and what they have > > allegedly said about the Linux kernel without providing any evidence > > for your claims, your posts can be easily misinterpreted by a > > distracted reader as FUD. > > It's simple, because they can't say any more than Linus can, you are not > being helpful and I will now stop replying to your unhelpful post. > > What you can do is look for malware, do some investigative research, just > educate yourself, what I know is out there for all to read. > So if those "kernel experts" are not saying more than Linus can say, how comes that you got to know what they haven't dare to say to anybody else? o_O I guess we should all educate ourselves in substantiating our claims with facts, instead of throwing stones at random. I have had the opportunity to read through several parts of the Linux kernel in the past, mostly related to networking, scheduling, and vfs. Once I had to modify the vfs layer to trasparently include symmetric encryption for all the supported FS. I guess it was 2.4 or 2.6. Another time I developed a full soft real-time stack for ad-hoc sensor networking (that was definitely 2.6). I also had the opportunity to develop several custom device drivers, back in the days, and even to do some reverse-engineering on a few "closed" drivers. I can't say I have examined all that stuff in detail, but I think I have a very rough idea of what is going on under the hood. And what I saw is that the Linux kernel is in general very easy to read and to understand. Hence my conclusion: if anything wrong was there, we would most probably know already. My2Cents KatolaZ -- [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ] [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ] [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ] [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ] [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ] signature.asc Description: PGP signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Mon, 9 Jul 2018 04:02:23 -0700 Jimmy Johnson wrote: > On 07/09/2018 03:53 AM, KatolaZ wrote: > > On Mon, Jul 09, 2018 at 03:42:40AM -0700, Jimmy Johnson wrote: > > > > [cut] > > > >> > >> > >> Well some of those kernel experts are saying you need to check > >> your kernel. Also how you respond to this thread speaks volumes. > > > > Please, share some relevant links then, and let us understand what > > you are talking about. > > > > If you keep mentioning unspecified "kernel experts" and what they > > have allegedly said about the Linux kernel without providing any > > evidence for your claims, your posts can be easily misinterpreted > > by a distracted reader as FUD. > > It's simple, because they can't say any more than Linus can, you are > not being helpful and I will now stop replying to your unhelpful post. > > What you can do is look for malware, do some investigative research, > just educate yourself, what I know is out there for all to read. > > Thanks, Jimmy, please either put up or shut up. If there are 'backdoors' in the kernel code, tells us where they are, if you cannot or will not, just shut up. Note to moderator: I would have been moderating his posts by now. Rowland ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Monday 09 July 2018 at 12:53:01, Jimmy Johnson wrote: > On 07/09/2018 03:22 AM, KatolaZ wrote: > > > > I guess we need to calm down a bit here? Martin expressed his > > view. You Jimmy expressed yours, and nobody asked you to get/stay out > > of the way. I presume you should give to the opinions of others the > > same treatment you expect for yours, as a baseline. Or at least expect > > your opinions to be treated with the same respect with which you treat > > those of others... > > You've been showing contempt and disrespect for me since my first post > in this group, never helpful. I can find no evidence of that whatsoever, reading back over your threads from April 10th, April 22nd and June 13th - which are the only threads I see started by you on this list. > Why do you want to stand in the way of people in this group looking for > malware in this distro? KatolaZ is not standing in the way of people looking for malware. He is asking for anyone to claims to have found evidence of it to show that. I agree with him. Antony. -- Anyone that's normal doesn't really achieve much. - Mark Blair, Australian rocket engineer Please reply to the list; please *don't* CC me. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On 07/09/2018 04:01 AM, Antony Stone wrote: On Monday 09 July 2018 at 12:42:40, Jimmy Johnson wrote: On 07/09/2018 03:16 AM, KatolaZ wrote: There are lots of people out there who understand a lot more about the Linux kernel than many of us here. I simply decided to trust them, collectively, because I know that nobody can buy all of them. Well some of those kernel experts are saying you need to check your kernel. It is just as plausible that these kernel experts are deliberately spreading fear, uncertainty and doubt with no substance whatsoever. Any responsible person who says "you need to check your kernel; there may be a backdoor (or two) in it" would point at what they found to back up their claim. Even if this results in said backdoor being promptly removed, only for another one to be lurking elsewhere unannounced, it's an improvement in the security of the code, and everyone knows that the person was speaking truthfully. Anyone who claims to know there are backdoors but doesn't say why they believe this, what the backdoors are, or where to find further information about them, is only as bad as a "security researcher" who claims to have identified a vulnerability in code (which I regard as different from a backdoor because vulnerabilities are accidental, backdoors are deliberate) but refuses to provide responsible disclosure to the vendor / developer responsible for that code and thereby leaves it open to (further) exploitation. Also how you respond to this thread speaks volumes. This, of course, is also true about you. Antony. There's a big difference, I'm not the one trying to stop people from taking a interest an their distros security and you are. No more reply's to you unless you show a interest in helping find malware in this distro. Thanks, -- Jimmy Johnson Devuan Jessie - KDE 4.14.2 - AMD A8-7600 - EXT4 at sda2 Registered Linux User #380263 ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Monday 09 July 2018 at 13:02:23, Jimmy Johnson wrote: > what I know is out there for all to read. So give us some URLs to what you have already found. Or are you just trying to waste our time? Antony. -- The first fifty percent of an engineering project takes ninety percent of the time, and the remaining fifty percent takes another ninety percent of the time. Please reply to the list; please *don't* CC me. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On 07/09/2018 03:53 AM, KatolaZ wrote: On Mon, Jul 09, 2018 at 03:42:40AM -0700, Jimmy Johnson wrote: [cut] Well some of those kernel experts are saying you need to check your kernel. Also how you respond to this thread speaks volumes. Please, share some relevant links then, and let us understand what you are talking about. If you keep mentioning unspecified "kernel experts" and what they have allegedly said about the Linux kernel without providing any evidence for your claims, your posts can be easily misinterpreted by a distracted reader as FUD. It's simple, because they can't say any more than Linus can, you are not being helpful and I will now stop replying to your unhelpful post. What you can do is look for malware, do some investigative research, just educate yourself, what I know is out there for all to read. Thanks, -- Jimmy Johnson Devuan Jessie - KDE 4.14.2 - AMD A8-7600 - EXT4 at sda2 Registered Linux User #380263 ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Monday 09 July 2018 at 12:42:40, Jimmy Johnson wrote: > On 07/09/2018 03:16 AM, KatolaZ wrote: > > > > There are lots of people out there who understand a lot more about the > > Linux kernel than many of us here. I simply decided to trust them, > > collectively, because I know that nobody can buy all of them. > > Well some of those kernel experts are saying you need to check your > kernel. It is just as plausible that these kernel experts are deliberately spreading fear, uncertainty and doubt with no substance whatsoever. Any responsible person who says "you need to check your kernel; there may be a backdoor (or two) in it" would point at what they found to back up their claim. Even if this results in said backdoor being promptly removed, only for another one to be lurking elsewhere unannounced, it's an improvement in the security of the code, and everyone knows that the person was speaking truthfully. Anyone who claims to know there are backdoors but doesn't say why they believe this, what the backdoors are, or where to find further information about them, is only as bad as a "security researcher" who claims to have identified a vulnerability in code (which I regard as different from a backdoor because vulnerabilities are accidental, backdoors are deliberate) but refuses to provide responsible disclosure to the vendor / developer responsible for that code and thereby leaves it open to (further) exploitation. > Also how you respond to this thread speaks volumes. This, of course, is also true about you. Antony. -- "It would appear we have reached the limits of what it is possible to achieve with computer technology, although one should be careful with such statements; they tend to sound pretty silly in five years." - John von Neumann (1949) Please reply to the list; please *don't* CC me. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Mon, Jul 09, 2018 at 03:53:01AM -0700, Jimmy Johnson wrote: [cut] > > > > > > uh?!? o_O > > > > I guess we need to calm down a bit here? Martin expressed his > > view. You Jimmy expressed yours, and nobody asked you to get/stay out > > of the way. I presume you should give to the opinions of others the > > same treatment you expect for yours, as a baseline. Or at least expect > > your opinions to be treated with the same respect with which you treat > > those of others... > > > > HND > > > > KatolaZ > > > You've been showing contempt and disrespect for me since my first post in > this group, never helpful. Why do you want to stand in the way of people in > this group looking for malware in this distro? > o_O All the devuan repos are public. The sources of all the packages forked by Devuan are available at: https://git.devuan.org/devuan-packages Anybody is free to check any of those packages, one by one. If anybody finds something suspicious, or wrong, they should shout out as loud as possible, and as soon as possible. There is already so much hatred against Devuan. What we need is facts, not more FUD. HND KatolaZ -- [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ] [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ] [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ] [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ] [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ] signature.asc Description: PGP signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Mon, Jul 09, 2018 at 03:42:40AM -0700, Jimmy Johnson wrote: [cut] > > > Well some of those kernel experts are saying you need to check your kernel. > Also how you respond to this thread speaks volumes. Please, share some relevant links then, and let us understand what you are talking about. If you keep mentioning unspecified "kernel experts" and what they have allegedly said about the Linux kernel without providing any evidence for your claims, your posts can be easily misinterpreted by a distracted reader as FUD. HND KatolaZ -- [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ] [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ] [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ] [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ] [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ] signature.asc Description: PGP signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On 07/09/2018 03:22 AM, KatolaZ wrote: On Mon, Jul 09, 2018 at 03:00:22AM -0700, Jimmy Johnson wrote: [cut] This discussion seems bordering on conspiracy theories. Those claim that something might be true and sow fear, uncertainty and doubt. Some parts of conspiracy theories may turn out to have been true, like for example all the spying the NSA and other secret agencies are doing. But I see no benefit in fearing something I have seen no proof of. Anyone ever saw any proof that such a backdoor exists within the Linux kernel source? I haven�t. Aside from that, I�d be more vary about the firmware in PCs. The closed- source binary blobs almost everyone is using who is using a computer these days. I do not think this discussion is helpful. There may be reasons for an own kernel, but IMO this is no reason. Martin you are active with both KDE and Debian Development, I would not expect you to be of much help, so pleas stay out of the way. Thanks, uh?!? o_O I guess we need to calm down a bit here? Martin expressed his view. You Jimmy expressed yours, and nobody asked you to get/stay out of the way. I presume you should give to the opinions of others the same treatment you expect for yours, as a baseline. Or at least expect your opinions to be treated with the same respect with which you treat those of others... HND KatolaZ You've been showing contempt and disrespect for me since my first post in this group, never helpful. Why do you want to stand in the way of people in this group looking for malware in this distro? Thanks, -- Jimmy Johnson Devuan Jessie - KDE 4.14.2 - AMD A8-7600 - EXT4 at sda2 Registered Linux User #380263 ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On 07/09/2018 03:16 AM, KatolaZ wrote: On Mon, Jul 09, 2018 at 02:50:56AM -0700, Jimmy Johnson wrote: On 07/09/2018 01:53 AM, Jimmy Johnson wrote: On 07/09/2018 01:06 AM, Andrew McGlashan wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 09/07/18 17:51, KatolaZ wrote: Literally anybody can get the sources of the Linux kernel and read through it. So I guess your fears are somehow unjustified... Has the thought occurred to you that maybe the people that where finding those problems are now working for the bad guys? I remember way back in my days with windows all the good people finding problems with windows where soon bought up by microsoft, now they are buying up linux, do you really want to give up? Now I read even BSD is going to adopt systemd, it's looking like the without-systemd project is the only hope to save linux and keep it from becoming another microsoft project, I'm not willing to stop, I will still hold a candle for freedom. You can't buy everybody. Not even Intel, which is the largest actor in IT, could silence the group which discovered Spectre and Meltdown, despite the trick costed them billion dollars and despite they were notified of the vulnerabilities several months before they were disclosed to the wide public. Conspiracy theories do not work for a simple reason: you just can't buy everybody, and even if you think you can, people have always liked to talk about their smart discoveries. Almost everybody out there seems to be looking for their 5 minutes of glory. Look for instance at all the clamour around the "fatal PGP vulnerability", which was not a PGP vulnerability at all, rather the manifestation of the sheer incompetence of almost all the developers of MUAs in the last 20 years. The result of that "discovery" was a totally wrong and misleading message: "Oh! Don't encrypt your emails any more because it's DANGEROUS!!!". Which is just plain nonsense, and tells a lot about how the media can disproportionately inflate even the most silly news about the most silly bug. You can fear only what you don't understand, and you can successfully fight only what you understand fully. There are lots of people out there who understand a lot more about the Linux kernel than many of us here. I simply decided to trust them, collectively, because I know that nobody can buy all of them. Well some of those kernel experts are saying you need to check your kernel. Also how you respond to this thread speaks volumes. -- Jimmy Johnson Devuan Jessie - KDE 4.14.2 - AMD A8-7600 - EXT4 at sda2 Registered Linux User #380263 ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Mon, Jul 09, 2018 at 03:00:22AM -0700, Jimmy Johnson wrote: [cut] > > > > This discussion seems bordering on conspiracy theories. Those claim that > > something might be true and sow fear, uncertainty and doubt. Some parts > > of conspiracy theories may turn out to have been true, like for example > > all the spying the NSA and other secret agencies are doing. But I see no > > benefit in fearing something I have seen no proof of. > > > > Anyone ever saw any proof that such a backdoor exists within the Linux > > kernel source? I haven´t. > > > > Aside from that, I´d be more vary about the firmware in PCs. The closed- > > source binary blobs almost everyone is using who is using a computer > > these days. > > > > I do not think this discussion is helpful. There may be reasons for an > > own kernel, but IMO this is no reason. > > > Martin you are active with both KDE and Debian Development, I would not > expect you to be of much help, so pleas stay out of the way. > > Thanks, uh?!? o_O I guess we need to calm down a bit here? Martin expressed his view. You Jimmy expressed yours, and nobody asked you to get/stay out of the way. I presume you should give to the opinions of others the same treatment you expect for yours, as a baseline. Or at least expect your opinions to be treated with the same respect with which you treat those of others... HND KatolaZ -- [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ] [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ] [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ] [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ] [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ] signature.asc Description: PGP signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Mon, Jul 09, 2018 at 02:50:56AM -0700, Jimmy Johnson wrote: > On 07/09/2018 01:53 AM, Jimmy Johnson wrote: > > On 07/09/2018 01:06 AM, Andrew McGlashan wrote: > > > -BEGIN PGP SIGNED MESSAGE- > > > Hash: SHA256 > > > > > > > > > > > > On 09/07/18 17:51, KatolaZ wrote: > > > > Literally anybody can get the sources of the Linux kernel and read > > > > through it. So I guess your fears are somehow unjustified... > > > Has the thought occurred to you that maybe the people that where finding > those problems are now working for the bad guys? I remember way back in my > days with windows all the good people finding problems with windows where > soon bought up by microsoft, now they are buying up linux, do you really > want to give up? Now I read even BSD is going to adopt systemd, it's > looking like the without-systemd project is the only hope to save linux and > keep it from becoming another microsoft project, I'm not willing to stop, I > will still hold a candle for freedom. You can't buy everybody. Not even Intel, which is the largest actor in IT, could silence the group which discovered Spectre and Meltdown, despite the trick costed them billion dollars and despite they were notified of the vulnerabilities several months before they were disclosed to the wide public. Conspiracy theories do not work for a simple reason: you just can't buy everybody, and even if you think you can, people have always liked to talk about their smart discoveries. Almost everybody out there seems to be looking for their 5 minutes of glory. Look for instance at all the clamour around the "fatal PGP vulnerability", which was not a PGP vulnerability at all, rather the manifestation of the sheer incompetence of almost all the developers of MUAs in the last 20 years. The result of that "discovery" was a totally wrong and misleading message: "Oh! Don't encrypt your emails any more because it's DANGEROUS!!!". Which is just plain nonsense, and tells a lot about how the media can disproportionately inflate even the most silly news about the most silly bug. You can fear only what you don't understand, and you can successfully fight only what you understand fully. There are lots of people out there who understand a lot more about the Linux kernel than many of us here. I simply decided to trust them, collectively, because I know that nobody can buy all of them. My2Cents KatolaZ -- [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ] [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ] [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ] [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ] [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ] signature.asc Description: PGP signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On 07/09/2018 02:53 AM, Martin Steigerwald wrote: Hi Katola. KatolaZ - 09.07.18, 09:51: On Sun, Jul 08, 2018 at 03:52:48PM -0700, Jimmy Johnson wrote: On 07/08/2018 02:49 PM, info at smallinnovations dot nl wrote: On 08-07-18 23:32, aitor_czr wrote: Hi Jimmy, El 08/07/18 a las 23:24, Jimmy Johnson escribió: Thoughts? Volunteers? I also would like to see devuan including its own kernel. I can help on packaging stuff. Aitor. I am not a kernel guy so maybe i am asking a stupid question; but what other parts besides the official kernel from kernel.org would you install? Or leave out? I don't think Linus is trying to hide anything, he just can't talk about a backdoor and will deny a backdoor if you ask him about one. Something I haven't done but maybe a kernel source package can be opened to expose what is in there? Something way over my head. Anybody friends with Klaus Knopper? Or has other sources for help? Maybe someone from Puppy Linux? The only problem with this theory is that Linus has not been the only developer of the Linux kernel at least since September 1991. Nowadays the Linux kernel has thousands of developers. If such a "backdoor" existed, we would know about it, as we knew about the Spectre and Meltdown vulnerabilities. You simply can't silence everybody, even if you are the NSA. Literally anybody can get the sources of the Linux kernel and read through it. So I guess your fears are somehow unjustified... I agree with that. This discussion seems bordering on conspiracy theories. Those claim that something might be true and sow fear, uncertainty and doubt. Some parts of conspiracy theories may turn out to have been true, like for example all the spying the NSA and other secret agencies are doing. But I see no benefit in fearing something I have seen no proof of. Anyone ever saw any proof that such a backdoor exists within the Linux kernel source? I haven´t. Aside from that, I´d be more vary about the firmware in PCs. The closed- source binary blobs almost everyone is using who is using a computer these days. I do not think this discussion is helpful. There may be reasons for an own kernel, but IMO this is no reason. Martin you are active with both KDE and Debian Development, I would not expect you to be of much help, so pleas stay out of the way. Thanks, -- Jimmy Johnson Devuan Jessie - KDE 4.14.2 - AMD A8-7600 - EXT4 at sda2 Registered Linux User #380263 ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
Hi Katola. KatolaZ - 09.07.18, 09:51: > On Sun, Jul 08, 2018 at 03:52:48PM -0700, Jimmy Johnson wrote: > > On 07/08/2018 02:49 PM, info at smallinnovations dot nl wrote: > > > On 08-07-18 23:32, aitor_czr wrote: > > > > Hi Jimmy, > > > > > > > > El 08/07/18 a las 23:24, Jimmy Johnson escribió: > > > > > Thoughts? Volunteers? > > > > > > > > I also would like to see devuan including its own kernel. I can > > > > help > > > > on packaging stuff. > > > > > > > >Aitor. > > > > > > I am not a kernel guy so maybe i am asking a stupid question; but > > > what other parts besides the official kernel from kernel.org > > > would you install? Or leave out? > > > > I don't think Linus is trying to hide anything, he just can't talk > > about a backdoor and will deny a backdoor if you ask him about one. > > > > Something I haven't done but maybe a kernel source package can be > > opened to expose what is in there? Something way over my head. > > Anybody friends with Klaus Knopper? Or has other sources for help? > > Maybe someone from Puppy Linux? > > The only problem with this theory is that Linus has not been the only > developer of the Linux kernel at least since September 1991. Nowadays > the Linux kernel has thousands of developers. If such a "backdoor" > existed, we would know about it, as we knew about the Spectre and > Meltdown vulnerabilities. You simply can't silence everybody, even if > you are the NSA. > > Literally anybody can get the sources of the Linux kernel and read > through it. So I guess your fears are somehow unjustified... I agree with that. This discussion seems bordering on conspiracy theories. Those claim that something might be true and sow fear, uncertainty and doubt. Some parts of conspiracy theories may turn out to have been true, like for example all the spying the NSA and other secret agencies are doing. But I see no benefit in fearing something I have seen no proof of. Anyone ever saw any proof that such a backdoor exists within the Linux kernel source? I haven´t. Aside from that, I´d be more vary about the firmware in PCs. The closed- source binary blobs almost everyone is using who is using a computer these days. I do not think this discussion is helpful. There may be reasons for an own kernel, but IMO this is no reason. Thanks, -- Martin ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On 07/09/2018 01:53 AM, Jimmy Johnson wrote: On 07/09/2018 01:06 AM, Andrew McGlashan wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 09/07/18 17:51, KatolaZ wrote: Literally anybody can get the sources of the Linux kernel and read through it. So I guess your fears are somehow unjustified... Has the thought occurred to you that maybe the people that where finding those problems are now working for the bad guys? I remember way back in my days with windows all the good people finding problems with windows where soon bought up by microsoft, now they are buying up linux, do you really want to give up? Now I read even BSD is going to adopt systemd, it's looking like the without-systemd project is the only hope to save linux and keep it from becoming another microsoft project, I'm not willing to stop, I will still hold a candle for freedom. There were long standing problems with openssl -- the source code was fully available, anybody could have found the problems, but they didn't. Yes, ssl has been mentioned and also what they call watered down encryption, plus wireless password encryption, I understand is useless. The Linux Kernel is HUGE, the possibility to find something that shouldn't be there would not be very easy. Binary blobs remain the most "risky" components, but anything else can easily hide in plain sigh t. I'm old and trying to remember is not easy at times, I think what we would be looking for could be a dbus-client, also another word mentioned was about 3-4 letters long and the first letter was a 'k' but nothing to do with kde, also mentioned was to check certificate files. This stuff is over my head and I yeld to the experts, but all these things are certainly worth checking out. Another way to corrupt a system is via the firmware and has also been mentioned in my readings. Another thought comes to me, before moving back home I was living in Santa Cruz for 24 yrs, and active in the local PC Club and active in the linux group, we met at UCSC, if I was still living there I don't think it would be hard to get a group together and start looking for these things. I suggest looking for help where ever you can find it. Thanks, -- Jimmy Johnson Devuan Jessie - KDE 4.14.2 - AMD A8-7600 - EXT4 at sda2 Registered Linux User #380263 ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Mon, Jul 09, 2018 at 06:06:12PM +1000, Andrew McGlashan wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > > > On 09/07/18 17:51, KatolaZ wrote: > > Literally anybody can get the sources of the Linux kernel and read > > through it. So I guess your fears are somehow unjustified... > > There were long standing problems with openssl -- the source code was > fully available, anybody could have found the problems, but they didn't. > > The Linux Kernel is HUGE, the possibility to find something that > shouldn't be there would not be very easy. Binary blobs remain the > most "risky" components, but anything else can easily hide in plain sigh > t. > Yeah, so what should we do? Stop working on Devuan and get a couple of years off just to check that the kernels provided in the already-released packages does not have any NSA backdoor? o_O -- [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ] [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ] [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ] [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ] [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ] signature.asc Description: PGP signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Sun, Jul 08, 2018 at 11:52:41PM +0200, aitor_czr wrote: > Hi again, > > El 08/07/18 a las 23:49, info at smallinnovations dot nl escribió: > > I am not a kernel guy so maybe i am asking a stupid question; but what > > other parts besides the official kernel from kernel.org would you > > install? Or leave out? > > I would leave out binary blobs :) > The Debian kernel already comes stripped of any binary blob, at least since Squeeze was testing (i.e., since about 2009). Binary firmware packages have been available in the non-free component since them. If you don't install any of those non-free packages, your kernel is equivalent to the one provided by LinuxLibre, the only difference being that you can still load binary blobs if you wish so (while that is forbidden in the kernels released by LinuxLibre). What are we talking about, exactly? HND KatolaZ -- [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ] [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ] [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ] [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ] [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ] signature.asc Description: PGP signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On 07/09/2018 01:06 AM, Andrew McGlashan wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 09/07/18 17:51, KatolaZ wrote: Literally anybody can get the sources of the Linux kernel and read through it. So I guess your fears are somehow unjustified... There were long standing problems with openssl -- the source code was fully available, anybody could have found the problems, but they didn't. The Linux Kernel is HUGE, the possibility to find something that shouldn't be there would not be very easy. Binary blobs remain the most "risky" components, but anything else can easily hide in plain sigh t. I'm old and trying to remember is not easy at times, I think what we would be looking for could be a dbus-client, also another word mentioned was about 3-4 letters long and the first letter was a 'k' but nothing to do with kde, also mentioned was to check certificate files. This stuff is over my head and I yeld to the experts, but all these things are certainly worth checking out. Another way to corrupt a system is via the firmware and has also been mentioned in my readings. Thanks, -- Jimmy Johnson Devuan Jessie - KDE 4.14.2 - AMD A8-7600 - EXT4 at sda2 Registered Linux User #380263 ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 09/07/18 17:51, KatolaZ wrote: > Literally anybody can get the sources of the Linux kernel and read > through it. So I guess your fears are somehow unjustified... There were long standing problems with openssl -- the source code was fully available, anybody could have found the problems, but they didn't. The Linux Kernel is HUGE, the possibility to find something that shouldn't be there would not be very easy. Binary blobs remain the most "risky" components, but anything else can easily hide in plain sigh t. Cheers A. -BEGIN PGP SIGNATURE- iF4EAREIAAYFAltDF2wACgkQqBZry7fv4vuOqAEAzsCAqEwTGdeU0naWbKauol8+ HtUPlRJNtcNftl+6G8AA/RE+ahm/ImQblbacaPOEVBDh/UmFqxfdd2NEUQFHroBN =+Tvv -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Monday 09 July 2018 at 09:53:06, KatolaZ wrote: > On Mon, Jul 09, 2018 at 01:17:58AM +0200, Antony Stone wrote: > > [cut] > > > > Something way over my head. > > > Anybody friends with Klaus Knopper? Or has other sources for help? > > > Maybe someone from Puppy Linux? > > > > I think you're confusing the Linux kernel with GNU/Linux distributions. > > > > You might as well start looking at Android, if the Linux kernel is what's > > bothering you. > > Well, actually android has always used a Linux kernel... That was my point. Why look at Puppy Linux in particular, if you're bothered about backdoors in the kernel? The same backdoor would be in Android, so it's just as worth while to look there. Antony. -- "If I've told you once, I've told you a million times - stop exaggerating!" Please reply to the list; please *don't* CC me. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Mon, Jul 09, 2018 at 01:17:58AM +0200, Antony Stone wrote: [cut] > > Something way over my head. > > Anybody friends with Klaus Knopper? Or has other sources for help? > > Maybe someone from Puppy Linux? > > I think you're confusing the Linux kernel with GNU/Linux distributions. > > You might as well start looking at Android, if the Linux kernel is what's > bothering you. > Well, actually android has always used a Linux kernel... -- [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ] [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ] [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ] [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ] [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ] signature.asc Description: PGP signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Sun, Jul 08, 2018 at 03:52:48PM -0700, Jimmy Johnson wrote: > On 07/08/2018 02:49 PM, info at smallinnovations dot nl wrote: > > On 08-07-18 23:32, aitor_czr wrote: > > > > > > Hi Jimmy, > > > > > > El 08/07/18 a las 23:24, Jimmy Johnson escribió: > > > > Thoughts? Volunteers? > > > > > > I also would like to see devuan including its own kernel. I can help > > > on packaging stuff. > > > > > > Aitor. > > > > I am not a kernel guy so maybe i am asking a stupid question; but what > > other parts besides the official kernel from kernel.org would you > > install? Or leave out? > > > I don't think Linus is trying to hide anything, he just can't talk about a > backdoor and will deny a backdoor if you ask him about one. > > Something I haven't done but maybe a kernel source package can be opened to > expose what is in there? Something way over my head. > Anybody friends with Klaus Knopper? Or has other sources for help? Maybe > someone from Puppy Linux? The only problem with this theory is that Linus has not been the only developer of the Linux kernel at least since September 1991. Nowadays the Linux kernel has thousands of developers. If such a "backdoor" existed, we would know about it, as we knew about the Spectre and Meltdown vulnerabilities. You simply can't silence everybody, even if you are the NSA. Literally anybody can get the sources of the Linux kernel and read through it. So I guess your fears are somehow unjustified... My2Cents KatolaZ -- [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ] [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ] [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ] [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ] [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ] signature.asc Description: PGP signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Mon, 9 Jul 2018 01:17:58 +0200, Antony wrote in message <201807090117.58753.antony.st...@devuan.open.source.it>: > On Monday 09 July 2018 at 00:52:48, Jimmy Johnson wrote: > > > I don't think Linus is trying to hide anything, he just can't talk > > about a backdoor and will deny a backdoor if you ask him about > > one. > > If there is a backdoor, and he denies it, then he's hiding something. > > If he's not hiding anything, and he denies there's a backdoor, then > there isn't one. > > Please take your pick of logic. ..you in both cases assume Linus does know. The 3'rd and 4'th options are he's telling us all what he believes is the truth, right or wrong. ..in any of these 4 cases, creating a backup etc Devuan kernel is an useful exercise. It's just like wearing your seat belt in vehicles or having atropine handy when you feel weirdly sick for no good reason. ..today, Charles Robert Darwin would conclude "the fittest are the most paranoid." ;o) -- ..med vennlig hilsen = with Kind Regards from Arnt Karlsen ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On 07/09/2018 01:52 AM, Jimmy Johnson wrote: > I don't think Linus is trying to hide anything, he just can't talk > about a backdoor and will deny a backdoor if you ask him about one. If you watch the video of when he was asked that question up front at a conference there is a clear "no" sound from him occurring at the same time he vigorously nods his head, leaving the answer ambiguous for now. Though it was from the time before backdoors, I would still like to see a copy of Gary Kildall's book. A lot of today's troubles still stem from that earlier time. The stakes at the level Torvalds is at are very high. /Lars ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Sun, Jul 08, 2018 at 05:55:29PM -0500, Эльбрус Кондратьев wrote: > > The war on privacy will continue, so I'll suggest to take sustainable > positions. The need of control and 'power' in some people, and the need > to follow orders in others, stands ingrained in their psychological > makeup, adequately documented by Bob Altmeyer > asynchronousexchange.com/resources/the-authoritarians.pdf Excellent book. He sums up, for the layman, his life's research. -- hendrik ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On 07/07/2018 05:03 AM, Alessandro Selli wrote: On Fri, 6 Jul 2018 at 10:52:20 -0700 Jimmy Johnson wrote: Good sources tell me we need our own kernel, Why? What's wrong with the available ones? Devuan is there someone that can at lest look at the Debian kernel? Thanks, -- Jimmy Johnson Devuan Jessie - KDE 4.14.2 - AMD A8-7600 - EXT4 at sda2 Registered Linux User #380263 ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On 07/08/2018 04:46 PM, terryc wrote: On Sun, 8 Jul 2018 15:52:48 -0700 Jimmy Johnson wrote: Something I haven't done but maybe a kernel source package can be opened to expose what is in there? Something way over my head. I'll admit it has become complicated and it is now a while since I've compiled my own kernel from sources, but my suggestion is that you try to do so. AFAIK, you can craft your own kernel as much as you like, mnay times and until you actually 'install it and reboot' onto it there is no danger. Before you do that, increase the response time out on your mobo/device boot up to allow plenty of time to choose the prior image if there is a problem. Sadly, I'm speaking from the view point of desktop yumcha stuff. Last time I did it, there was a basic gui script that just folded in the various sections you didn't want to fiddle with. Anybody friends with Klaus Knopper? Or has other sources for help? Maybe someone from Puppy Linux? Just use the Debian kernel sources for starters. they are going to be the closest to Eric's eyes(?) dream. I know people who roll kernels and they don't trust themselves to apply a security patch. If you can roll a kernel I will test it for you on a few different computers, how about a ASCII kernel to start? I have systems ready and waiting to try the new kernel. Thanks, -- Jimmy Johnson Devuan Jessie - KDE 4.14.2 - AMD A8-7600 - EXT4 at sda2 Registered Linux User #380263 ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Sun, 8 Jul 2018 15:52:48 -0700 Jimmy Johnson wrote: > Something I haven't done but maybe a kernel source package can be > opened to expose what is in there? Something way over my head. I'll admit it has become complicated and it is now a while since I've compiled my own kernel from sources, but my suggestion is that you try to do so. AFAIK, you can craft your own kernel as much as you like, mnay times and until you actually 'install it and reboot' onto it there is no danger. Before you do that, increase the response time out on your mobo/device boot up to allow plenty of time to choose the prior image if there is a problem. Sadly, I'm speaking from the view point of desktop yumcha stuff. Last time I did it, there was a basic gui script that just folded in the various sections you didn't want to fiddle with. > Anybody friends with Klaus Knopper? Or has other sources for help? > Maybe someone from Puppy Linux? Just use the Debian kernel sources for starters. they are going to be the closest to Eric's eyes(?) dream. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On 07/08/2018 04:17 PM, Antony Stone wrote: On Monday 09 July 2018 at 00:52:48, Jimmy Johnson wrote: I don't think Linus is trying to hide anything, he just can't talk about a backdoor and will deny a backdoor if you ask him about one. If there is a backdoor, and he denies it, then he's hiding something. If he's not hiding anything, and he denies there's a backdoor, then there isn't one. Please take your pick of logic. You're talking about something logical and what is going on is not logical, it's pure evil. Something I haven't done but maybe a kernel source package can be opened to expose what is in there? http://kernel.org Something way over my head. Anybody friends with Klaus Knopper? Or has other sources for help? Maybe someone from Puppy Linux? I think you're confusing the Linux kernel with GNU/Linux distributions. You might as well start looking at Android, if the Linux kernel is what's bothering you. And I think you're trying to confuse the subject and not at all making any attempt at being helpful. -- Jimmy Johnson Devuan Jessie - KDE 4.14.2 - AMD A8-7600 - EXT4 at sda2 Registered Linux User #380263 ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Monday 09 July 2018 at 00:52:48, Jimmy Johnson wrote: > I don't think Linus is trying to hide anything, he just can't talk about > a backdoor and will deny a backdoor if you ask him about one. If there is a backdoor, and he denies it, then he's hiding something. If he's not hiding anything, and he denies there's a backdoor, then there isn't one. Please take your pick of logic. > Something I haven't done but maybe a kernel source package can be opened > to expose what is in there? http://kernel.org > Something way over my head. > Anybody friends with Klaus Knopper? Or has other sources for help? > Maybe someone from Puppy Linux? I think you're confusing the Linux kernel with GNU/Linux distributions. You might as well start looking at Android, if the Linux kernel is what's bothering you. Antony. -- I have an excellent memory. I can't think of a single thing I've forgotten. Please reply to the list; please *don't* CC me. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Sun, 2018-07-08 at 14:24 -0700, Jimmy Johnson wrote: > On 07/08/2018 02:25 AM, Antony Stone wrote: > > On Saturday 07 July 2018 at 14:03:33, Alessandro Selli wrote: > > > >> On Fri, 6 Jul 2018 at 10:52:20 -0700 Jimmy Johnson wrote: > >> > >>> Good sources > > > > Who / where? > > > You have to do a lot of reading, the information is out there going back > to 2012 the main source is wanted by usa and has been given a gag order > by his keepers or will be forced to leave his protected living quarters. > > >>> tell me we need our own kernel, > >> > >>Why? What's wrong with the available ones? > > > I'm a hardware guy, taught in Silicon Valley, built fist computer > '75-'76, my fist job was a startup in Santa Clara, I worked R until > successful completion and I like taking things apart and maybe building > something better since I was a child. > > In my head I can see how systemd works and it's a computer system inside > your computer, creating virtual hardware and controlling your installed > software, why? It's really simple, your computer is not only working > for you the user but outside sources too, not something the average user > would know about or the ability to do something about. Okay, maybe I'm > not the average user, but I am a user just the same and not a developer, > nor do I have the ability to roll my own kernel. It's known that the CIA > was injecting a backdoor in kernel v.2.6 and now we are dealing with the > NSA, Intel, Microsoft and RedHat. 'IF' our existing kernel has a > backdoor client in it there is nothing 'I' can do about it, but sources > say I need to roll my own kernel. It's the only way to stop this war on > privacy invasion. Neutering software is one thing, but the war will > continue until we get rid of the backdoor. Devuan needs it a kernel > expert, better yet a kernel team of experts. > > Thoughts? Volunteers? The war on privacy will continue, so I'll suggest to take sustainable positions. The need of control and 'power' in some people, and the need to follow orders in others, stands ingrained in their psychological makeup, adequately documented by Bob Altmeyer asynchronousexchange.com/resources/the-authoritarians.pdf Regards -- Elbrus Kondratiev ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On 07/08/2018 02:49 PM, info at smallinnovations dot nl wrote: On 08-07-18 23:32, aitor_czr wrote: Hi Jimmy, El 08/07/18 a las 23:24, Jimmy Johnson escribió: Thoughts? Volunteers? I also would like to see devuan including its own kernel. I can help on packaging stuff. Aitor. I am not a kernel guy so maybe i am asking a stupid question; but what other parts besides the official kernel from kernel.org would you install? Or leave out? I don't think Linus is trying to hide anything, he just can't talk about a backdoor and will deny a backdoor if you ask him about one. Something I haven't done but maybe a kernel source package can be opened to expose what is in there? Something way over my head. Anybody friends with Klaus Knopper? Or has other sources for help? Maybe someone from Puppy Linux? -- Jimmy Johnson Devuan Jessie - KDE 4.14.2 - AMD A8-7600 - EXT4 at sda2 Registered Linux User #380263 ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
Hi again, El 08/07/18 a las 23:49, info at smallinnovations dot nl escribió: I am not a kernel guy so maybe i am asking a stupid question; but what other parts besides the official kernel from kernel.org would you install? Or leave out? I would leave out binary blobs :) Aitor. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On 08-07-18 23:32, aitor_czr wrote: > > Hi Jimmy, > > El 08/07/18 a las 23:24, Jimmy Johnson escribió: >> Thoughts? Volunteers? > > I also would like to see devuan including its own kernel. I can help > on packaging stuff. > > Aitor. > > > > > > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng I am not a kernel guy so maybe i am asking a stupid question; but what other parts besides the official kernel from kernel.org would you install? Or leave out? Grtz. Nick ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
Hi Jimmy, El 08/07/18 a las 23:24, Jimmy Johnson escribió: Thoughts? Volunteers? I also would like to see devuan including its own kernel. I can help on packaging stuff. Aitor. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On 07/08/2018 02:25 AM, Antony Stone wrote: On Saturday 07 July 2018 at 14:03:33, Alessandro Selli wrote: On Fri, 6 Jul 2018 at 10:52:20 -0700 Jimmy Johnson wrote: Good sources Who / where? You have to do a lot of reading, the information is out there going back to 2012 the main source is wanted by usa and has been given a gag order by his keepers or will be forced to leave his protected living quarters. tell me we need our own kernel, Why? What's wrong with the available ones? I'm a hardware guy, taught in Silicon Valley, built fist computer '75-'76, my fist job was a startup in Santa Clara, I worked R until successful completion and I like taking things apart and maybe building something better since I was a child. In my head I can see how systemd works and it's a computer system inside your computer, creating virtual hardware and controlling your installed software, why? It's really simple, your computer is not only working for you the user but outside sources too, not something the average user would know about or the ability to do something about. Okay, maybe I'm not the average user, but I am a user just the same and not a developer, nor do I have the ability to roll my own kernel. It's known that the CIA was injecting a backdoor in kernel v.2.6 and now we are dealing with the NSA, Intel, Microsoft and RedHat. 'IF' our existing kernel has a backdoor client in it there is nothing 'I' can do about it, but sources say I need to roll my own kernel. It's the only way to stop this war on privacy invasion. Neutering software is one thing, but the war will continue until we get rid of the backdoor. Devuan needs it a kernel expert, better yet a kernel team of experts. Thoughts? Volunteers? -- Jimmy Johnson Devuan Jessie - KDE 4.14.2 - AMD A8-7600 - EXT4 at sda2 Registered Linux User #380263 ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Saturday 07 July 2018 at 14:03:33, Alessandro Selli wrote: > On Fri, 6 Jul 2018 at 10:52:20 -0700 Jimmy Johnson wrote: > > > Good sources Who / where? > > tell me we need our own kernel, > > Why? What's wrong with the available ones? > > > Alessandro Antony. -- "Measuring average network latency is about as useful as measuring the mean temperature of patients in a hospital." - Stéphane Bortzmeyer Please reply to the list; please *don't* CC me. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Fri, 6 Jul 2018 at 10:52:20 -0700 Jimmy Johnson wrote: > Good sources tell me we need our own kernel, Why? What's wrong with the available ones? Alessandro ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] A Devuan kernel?
Good sources tell me we need our own kernel, do we have one? Thanks. This last week I've been testing Slackware and I see Patrick is dealing with systemd too, Slackware 14.2 is on what seems to be a ASCII system, except ASCII seems to be just a little bit more sable in audio and video. I have Slack running on three computers and I got my Canon printer working too. :) Of course Devuan Jessie is my go to Linux distro, the easiest to work with and audio/video is most stable of all. -- Jimmy Johnson Slackware 14.2-64 - KDE 4.14.32 - AMD A8-7600 - EXT4 at sda9 Registered Linux User #380263 Good is loving someone who totally pisses you off. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
