Debian is, according to this person, owned by the NSA

Is this:
(a) prophetic
(b) as nutty as an aircraft carrier full of muesli

I’d be interested in thoughts one way or the other.

From the article:

From the start, my revelations on this blog about Red Hat’s deep control of Linux, along with their large corporate/government connections, haven’t been just about spying, but about losing the distributed engineering quality of Linux, with Red Hat centralizing control. Yet as an ex-cypherpunk and crypto software developer, as soon as I started using Linux years ago, I noted that all the major distributions used watered-down encryption (to use stronger encryption in many areas, such as AES-loop, you needed to compile your own kernel and go to great lengths to manually bypass barriers they put in place to the use of genuinely strong encryption). This told me then that those who controlled distributions were deeply in the pockets of intelligence networks. So it comes as no surprise to me that they jumped on board systemd when told to, despite the mock choice publicized to users – there was never any option.

So he says that because SSL had a bug, it is likely to be the NSA, and therefore all the leaders of the major distributions (Red Hat, Canonical, SuSE etc) must be in bed with the NSA.

Man, I have seen some paranoia in the Open Source community, but this really takes the biscuit.


Well of course, are you trying to say human error is a thing? It’s clearly and always has been purposely put in there. There’s no such thing as human error in coding, especially since, as everyone knows, the people at Debian are all coding robots!
You know what Jono, with you defending Debian, I think that you and, perhaps even this community forum is owned by the NSA!
(Sarcasm, I’m sorry that I’m kinda crappy at funny sarcasm! >.<)

Anyone based in America can at any point be given a Security letter telling them to “Do what we say, give us what we want and don’t tell anyone or you’re off to Gitmo”

…The land of the freeeeeeeeeee and the hooommmme of the braaavvvvveeee…

I’m not saying GCHQ is any better but

Now. It is easy to mock. And I don’t want most of this bloke’s action. But, given all the Snowden revelations, the NSA and GCHQ would have to be stupid if the idea of compromising OpenSSL didn’t occur to them. And they are not stupid. And if they had, this is how they’d do it; they’re not going to submit a patch which makes all https websites also accept NSA.cert, are they? The post is a way over the tin-foil-hat line, but it does potentially have a point…


I see your point, but what would be the ultimate goal of doing this on such a huge public scale? They must know that such a vulnerability would be uncovered and fixed pretty quickly.

My concern about presuming things such as that is that it basically opens the door to anything being possible and therefore everyone lives in a culture of fear and mistrust. I would rather judge the world on evidence as opposed to presumption.

It wasn’t! The code was written at midnight on New Year’s Day (really), three years ago. Having three years of unfettered access to something everyone considered secure ain’t nothin’. And this may not be the only such example.

Look, I’m not saying that this was definitely a malicious government compromise. I’m not even saying that they knew and took advantage. I am, as they say, just sayin’.


You’ve really got to be a huge believer in governments spending money for little in return. Imagine you go to your boss and say you’ve got this project that will open a hole in two-thirds of the world’s web sites but you have no idea which ones, no way to guarantee any of the interesting ones will be impacted, and the data collected will be completely random.

And at any moment someone might discover your trick and patch it with a line or two of code.

Do you really expect to get funding for your project? Or is it more likely your boss will send you back to your desk to look for coded messages on lolcats.com?!

[quote=“schultzter, post:8, topic:293”]
Imagine you go to your boss and say you’ve got this project that will open a hole in two-thirds of the world’s laptops but you have no idea which ones, no way to guarantee any of the interesting ones will be impacted, and the data collected will be completely random.[/quote]
We know they intercept laptops and patch the firmware. Is this any different?

But they probably didn’t find this one; why else would they have gone to such lengths to get the certificate keys for Ladar Levison’s email servers if they could just send a couple of packets and get them? They may have been doing a double blind in going through the motions to ensure they had the keys via a legitimate route while they had them anyway. But somehow I don’t believe that.

Stuart (not langradge)

I can believe it, in fact I could well believe that none of it is by accident but rather by design.

Just pause for a moment to reflect that every Free & Open source system comes with absolutely no warranty and then reflect on the amounts of CVEs - Critical Vulnerabilities which seem to be a constant patch job.

Do you mean to tell us all that all those CVEs were just a few mistakes?

That there are no systems that have no bugs?!

I refuse to believe that because I know better, so should everybody else…

When you’ve got lead developers muttering that everybody else is paranoid when they come out with comments about RdRand telling them they’re all paranoid for saying quotes like: “Linux an NSA approved partner” and then you listen to that same developer whine about how all System on Chip (SoC) developers should die a painful death, then you can kind of get a feel for things. (especially when you reflect the ruskies are now embracing ARM and dropping Intel) Somehow I think that same lead developer knows more than he’d like to let on. And let’s not forget that later on it all came out in the wash about RdRand and then it was that developer that was the one left holding the tin-foil hat!

UEFI - It makes your BIOS so much more Secure in contrast to CoreBoot!
RdRand - Better than the Clipper chip! 100% more improved!
Serial Line - It’s on your console window, just type STTY and ask yourself "Why?"
GUID - Global Unique Identifier - What other developers call Software Fingerprints!

When they say “Owned” I take that with a pinch of Salt (pun) you mean Pwned! Because by the very fact and nature of it being open that means any Tom, Dick or Harry can just come along and submit a patch with a few extra malicious features thrown in. Just like when the lead developer dropped 1000 lines of code out of the 2.6 Kernel and gave us all a Critical Bug… thanks Linus!

Don’t call it “Linux” call it “LUnix” instead!

Of course we all get to read, that these leaks that have come out could cost lives, so let’s put that into perspective, suddenly over at Foxconn electronics in China, workers mysteriously take flying lessons out of 8 story windows, “Suicide” reads the communist paper, 8th one in under a month, but now the question, did they “Jump” or were they “Pushed?”

And who are these CEOs that protesteth far too much about the spying measures being carried out.

Well let’s see:

Microsoft - excellent track record for having a Monopoly and rumor has it the now defunct CEO used to threaten his workers with a baseball bat. And you get to hear Mr Gates is due back in court!

Google - “Don’t be evil!” hahaha! (Still waiting on the EU antitrust ruling!) and Oracle don’t seem to be very happy about the fact they just took their Java without paying for the Royalties first.

Apple - The notorious Mr Jobs forcing child labour to put together his iDevices

Facebook - The 23 year old executive who likes to threaten his staff with a Sword and says people that trusted him back in University were stupid. Excellent articles out there about how he once threw water all over a guy’s laptop during a software demo screaming like a petulant child “this is **** do it again!”

Made in the USA:
Microsoft Windows: "I’m a PC!"
Apple: “I’m a Mac!”

What we next hear from both Russia & China “We’re sick of your imperialist CPU dogma!”

Good to have it all in perspective!

Hang on, now. I am no big fan of Google in some ways, but their use of Java is not one of them. Are you honestly suggesting that you agree with the idea that the people who build a computer language get to own everything built with that language? I hope you aren’t; that would be outright disastrous.

No I’m not suggesting it, as to be honest I’m not really a very big fan of Oracle either, they bought out Sun Microsystems and to be honest Sun made a good product until Oracle got their hands on it, because let’s face it after they bought it out, suddenly Sun Microsystems shipped with AMD Opteron chips. So the blame gets to be shared around equally for this fiasco… What happened to the DAC - Discretionary Access Card interface that used to ship with Sun Servers? Seems to have disappeared after Oracle bought them out and started dealing with AMD and suddenly their newer Sun machines came with USB ports instead of Access Controls.

Java isn’t my favorite language, in fact JavaScript can lay claim to a fair percentage of the Virus code out there on the web. Web 2.0 Standards… Open Solaris with ZuneFS and roll back… erm yeah!

Just flicking your way through the leaked documents is certainly eye opening, GINSU & BULLDOZER… But wasn’t Bulldozer the code name for one of the AMD processors?

I miss Motorola and the PowerPC CPU, that was a good product, Sun Ultra Sparc, that was a good product, MIPS CPUs, those were and still are a good product… Oracle seems to have lost its way along with the rest of them, but don’t worry, when these CEOs go for breaks abroad in one of the countries they’ve been spying on, they might find their holiday destinations suddenly limited. I sure wouldn’t want to visit some country where they want to speak to me about Espionage charges as a holiday resort!

This is what happened after Bush passed Section 702 of the Patriot Act, he successfully re-enacted CO-INTELPRO and dragged every American brand (some of which I used to respect, AMD included) down this crazy path of not state wide but World wide surveillance.

It was Heinrich Himmler in WWII who said “The threat of Terrorism is the greatest political weapon, we don’t want the people to love us, only to fear us!”

With the Russians imposing their own sanctions against all your business interests, the Chinese moving the warships closer, the Middle East in complete turmoil, whilst they’re funneling them more weapons for upheaval, do feel free to share how the fear factor’s working out for y’all!

After they finished levelling half of Gaza suddenly now you get to listen to, please spare some change for this and that charity to help these poor war torn families trying to piece their lives back together, are you kidding me? They blast them into oblivion then want the tax payer to give them aid by sending money for relief… Germany got it right for once when they turned around and said “this is Stasi!”

If I was in some war torn country getting shelled I would head down to the beach with a boat, then I’d get in the boat and I wouldn’t head back… I’d head to the nearest civilized population screaming, asylum!

Or get as far away as humanly possible from the Crazy element…

Crazy politicians & bureaucrats followed up by crazy tax laundering Charity!

Funny how normally in a normal society if you’re aggrieved it’s the offending party that’s supposed to make restitutions and compensations to the offended party, but in the world of politics they finance the weaponry, blow the crap out of another nation or state and then expect YOU the tax payer to foot the Bill.

Charities do such marvelous work, just look at Sierra Leone in west Africa after they gave them nearly 2 million for Aid, the first thing they did with it was fund the Militia!

Sun Fire servers shipped with Opterons in 2004. Oracle completed the purchase of Sun in January 2010. Just saying.

Just saying you’re an idiot… when was 9/11 in the US an the reclamation of the Patriot act US… who jus supplied iSiL with weapons, including the CIA requisition order for half a million AK-47 Magazines funneled into islamabaddie? Funneled into the region by the CIA out of Northern Ireland, Jus Sayin! Allah awakbar! For god is almighty jus sayin! An when the god believers are all up in your face, jus sayin, it might be an idea to run back to your Jewish friends and their Palestinian gas fields jus sayin… wasn’t that how WWII got started, because someone let the Jews control the world bank?? Jus Sayin!

None of that has anything to do with this topic. You made a factual error in your statement about Sun servers shipping with Opteron processors. I corrected that error. I’m certainly not the one who missed the date by nearly 6 years. Please, use your head when posting and verify what you are typing.


Java != JavaScript

I think the government should approach this in a different direction. Instead of trying to invade with backdoors and compromising code, they should just offer entire system imaging online for free with daily backups. Perhaps even giving gigabit fiber to every home and business for a very small charge to make it more convenient, for them that is. Wouldn’t want to slow down getting your data! :smile: